We’ve disclosed 3445 vulnerabilities
by Snyk Security Researchers
Avoid using all malicious instances of the ngx-bootstrap package.
parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js.
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the file upload functionality. An attacker can cause the server to crash by supplying a crafted URI parameter that triggers a request to an arbitrary URI, resulting in a denial of service.
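The pattern behind this class of bug is a server that fetches a caller-supplied URI and buffers the whole response into memory with no upper bound, so an origin that keeps sending data (or sends a few gigabytes) exhausts the process. The following is an added example, not parse-server's code: a capped reader that refuses oversized bodies, a streaming downloader that checks the scheme and the declared Content-Length before reading, and a constructed "endless origin" that simulates the attack offline. The cap values, the exception name and the helper names are this example's own choices.

```python
import itertools
import urllib.request
from urllib.parse import urlparse

MAX_BODY_BYTES = 8 * 1024 * 1024  # hypothetical cap; size it to what the upload path really needs
CHUNK = 64 * 1024


class ResponseTooLarge(Exception):
    pass


def read_capped(chunks, max_bytes=MAX_BODY_BYTES):
    """Accumulate an iterable of byte chunks, refusing to exceed max_bytes.

    The unsafe equivalent is simply resp.read() or b"".join(chunks): with an
    attacker-chosen origin the body is unbounded and memory grows until the
    process is killed. Checking before each append means the buffer never
    holds more than max_bytes, even when Content-Length is absent or lies.
    """
    buf = bytearray()
    for chunk in chunks:
        if len(buf) + len(chunk) > max_bytes:
            raise ResponseTooLarge(f"response body exceeds {max_bytes} bytes")
        buf.extend(chunk)
    return bytes(buf)


def iter_chunks(fp, size=CHUNK):
    """Yield fixed-size chunks from a file-like object until EOF."""
    while True:
        data = fp.read(size)
        if not data:
            return
        yield data


def download_capped(url, max_bytes=MAX_BODY_BYTES, timeout=10):
    """Fetch url into memory: scheme check, declared-size check, then a streaming cap.

    The timeout bounds a slow-loris origin; the cap bounds a fast, oversized one.
    """
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        raise ValueError(f"refusing to fetch scheme {parsed.scheme!r}")
    req = urllib.request.Request(url, headers={"User-Agent": "capped-fetch/0"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        declared = resp.headers.get("Content-Length")
        if declared is not None and declared.isdigit() and int(declared) > max_bytes:
            raise ResponseTooLarge(f"declared length {declared} exceeds {max_bytes} bytes")
        return read_capped(iter_chunks(resp), max_bytes)


def simulate_endless_origin(max_bytes=1024 * 1024):
    """Constructed attack: an origin that never stops sending. Returns how the capped reader reacts."""
    endless = itertools.repeat(b"A" * CHUNK)  # uncapped b"".join(endless) would never return
    try:
        read_capped(endless, max_bytes=max_bytes)
        return "accepted"
    except ResponseTooLarge:
        return "refused"


if __name__ == "__main__":
    print(simulate_endless_origin())
```

The Content-Length check is only an early exit; the per-chunk check in `read_capped` is the control that actually holds, because a hostile origin can omit the header, use chunked encoding, or understate the size.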
langgraph-checkpoint is a library with base interfaces for LangGraph checkpoint savers.
Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JsonPlusSerializer deserialization process of payloads saved in the json serialization mode. An attacker can execute arbitrary code by supplying a maliciously crafted payload that is deserialized in the json mode, which supports constructor-style formats for custom objects.
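A "constructor-style" JSON format is dangerous precisely when the deserializer lets the payload pick which callable is invoked. The following is an added example and not langgraph-checkpoint's code: a small tagged-JSON format of this example's own design (a `constructor` node naming a dotted import path plus keyword arguments), a vulnerable loader that imports and calls whatever the payload names, and a hardened loader that only instantiates constructors from a fixed allowlist keyed by exact id. The attack payload is constructed and deliberately targets the harmless `os.getcwd` to prove the point without running a command.

```python
import importlib
import json
import os
from datetime import date


class UnsafeDeserialization(Exception):
    pass


# Constructed payloads in this example's hypothetical format. An attacker would name
# something like subprocess.Popen instead of os.getcwd; the mechanism is identical.
ATTACK_PAYLOAD = json.dumps({
    "type": "constructor",
    "id": ["os", "getcwd"],
    "kwargs": {},
})
BENIGN_PAYLOAD = json.dumps({
    "checkpoint_id": "c1",
    "created": {
        "type": "constructor",
        "id": ["datetime", "date"],
        "kwargs": {"year": 2024, "month": 1, "day": 2},
    },
})


def load_unsafe(node):
    """Vulnerable: imports the module the payload names and calls the named attribute."""
    if isinstance(node, dict) and node.get("type") == "constructor":
        *module_path, attr = node["id"]
        target = getattr(importlib.import_module(".".join(module_path)), attr)
        return target(**{k: load_unsafe(v) for k, v in node.get("kwargs", {}).items()})
    if isinstance(node, dict):
        return {k: load_unsafe(v) for k, v in node.items()}
    if isinstance(node, list):
        return [load_unsafe(v) for v in node]
    return node


# Allowlist of constructors the application actually needs to round-trip.
ALLOWED_CONSTRUCTORS = {("datetime", "date"): date}
MAX_DEPTH = 32


def load_safe(node, allowed=ALLOWED_CONSTRUCTORS, _depth=0):
    """Hardened: the payload may select only from `allowed`, never from the import system."""
    if _depth > MAX_DEPTH:
        raise UnsafeDeserialization("payload nested too deeply")
    if isinstance(node, dict) and node.get("type") == "constructor":
        ids = node.get("id")
        if not isinstance(ids, list) or not all(isinstance(i, str) for i in ids):
            raise UnsafeDeserialization("constructor id must be a list of strings")
        ctor = allowed.get(tuple(ids))
        if ctor is None:
            raise UnsafeDeserialization(f"constructor {tuple(ids)!r} is not allowlisted")
        kwargs = node.get("kwargs", {})
        if not isinstance(kwargs, dict):
            raise UnsafeDeserialization("kwargs must be a JSON object")
        return ctor(**{k: load_safe(v, allowed, _depth + 1) for k, v in kwargs.items()})
    if isinstance(node, dict):
        return {k: load_safe(v, allowed, _depth + 1) for k, v in node.items()}
    if isinstance(node, list):
        return [load_safe(v, allowed, _depth + 1) for v in node]
    return node


def unsafe_runs_attacker_callable():
    """True if the vulnerable loader executed the callable chosen by the payload."""
    return load_unsafe(json.loads(ATTACK_PAYLOAD)) == os.getcwd()


def safe_rejects_attack():
    try:
        load_safe(json.loads(ATTACK_PAYLOAD))
    except UnsafeDeserialization:
        return True
    return False


def safe_loads_benign():
    return load_safe(json.loads(BENIGN_PAYLOAD))


if __name__ == "__main__":
    print("unsafe loader ran attacker callable:", unsafe_runs_attacker_callable())
    print("safe loader rejected it:", safe_rejects_attack())
    print("safe loader round-trips benign data:", safe_loads_benign())
```

The hardened loader also bounds nesting depth, since a recursive format gives an attacker a second, cheaper denial-of-service lever. Keeping the allowlist as a mapping from exact id to a Python object, rather than a set of permitted module prefixes, is what prevents the payload from reaching a different attribute of a trusted module.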
org.apache.synapse:synapse-extensions is the Extensions module of Apache Synapse.
Affected versions of this package are vulnerable to Arbitrary Code Injection due to a lack of controls on the GraalJS and NashornJS Script Mediator engines. An attacker can execute arbitrary code with elevated privileges by submitting crafted scripts to the integration runtime environment. This is only exploitable if the attacker is an authenticated user with administrator or API creator privileges, depending on the product configuration.