npm parcel 2.0.0-alpha and before has an Origin Validation Error vulnerability. Malicious websites can send XMLHTTPRequests to the application's development server and read the response to steal source code when developers visit them.

Related CVEs

CVE-2025-56648

Key Information

GHSA ID

GHSA-qm9p-f9j5-w83w

Published

September 17, 2025 9:30 PM

Last Modified

September 17, 2025 9:30 PM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 18, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.