Vulnerability Database

296,676

Total vulnerabilities in the database

CVE-2025-56648

npm parcel 2.0.0-alpha and before has an Origin Validation Error vulnerability. Malicious websites can send XMLHTTPRequests to the application's development server and read the response to steal source code when developers visit them.

Published: Sep 17, 2025
Updated: Sep 19, 2025
CVE: CVE-2025-56648
GHSA: GHSA-qm9p-f9j5-w83w
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWEs:

CWE-346

Affected Software
References

Software	From	Fixed in
@parcel / reporter-dev-server	1.6.0	2.14.4.x

https://gist.github.com/R4356th/41f468def606b2406e36f7193f5322b8
https://github.com/parcel-bundler/parcel/discussions/10089
https://github.com/parcel-bundler/parcel/issues/10216
https://github.com/parcel-bundler/parcel/pull/10138

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo