CVE-2025-56648

Name of the Vulnerable Software and Affected Versions parcel versions 2.0.0-alpha and earlier

Description A security issue exists in Parcel that allows malicious websites to send XMLHTTPRequests to the application's development server and read the response, potentially leading to source code theft when developers visit these websites. This occurs during developer activity while working on a project with the Parcel dev server running.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.