Filters
Versions
4.0.0
17
3.6.0
15
4.2.0
10
4.4.0
8
5.0.0
7
3.4.0
6
2.0.0
4
2.4.0
4
6.0.0
4
1.2.0
3
1.4.0
3
1.6.0
3
1.8.0
3
2.2.0
3
2.4.1
3
2.4.2
3
2.4.3
3
2.4.4
3
2.6.0
3
2.0.1
2
2.0.2
2
2.0.3
2
2.0.4
2
2.0.5
2
2.0.6
2
2.0.7
2
2.0.8
2
2.2.1
2
2.2.2
2
2.2.3
2
2.5.0
2
2.6.1
2
7.0.0
2
0.7.0
1
1.7.0
1
2.2.4
1
2.2.5
1
2.2.6
1
2.2.7
1
2.3.0
1
2.3.1
1
2.4.12
1
2.4.5
1
2.5.1
1
2.6.2
1
2.6.3
1
2.6.4
1
2.6.5
1
2.6.6
1
2.6.7
1
3.0.0
1
3.0.6
1
3.2
1
3.3
1
4.0
1
4.2
1
4.3.0
1
4.4
1
4.4.0-rc1
1
4.4.0-rc10
1
4.4.0-rc11
1
4.4.0-rc2
1
4.4.0-rc3
1
4.4.0-rc4
1
4.4.0-rc5
1
4.4.0-rc6
1
4.4.0-rc7
1
4.4.0-rc8
1
4.4.0-rc9
1
4.5.0
1
5.0.14
1
5.0.2
1
5.0.6
1
6.1.0
1
6.3.0
1
6.3.2
1
7.3.0
1
MongoDB MongoDBMongoDB Server binaries may load potentially insecure shared libraries from specific relative paths
6.7
EPSS
0.04%
First published (updated )
MongoDB MongoDBBackup files may be downloaded by underprivileged users in MongoDB Enterprise Server
5.3
EPSS
0.05%
First published (updated )
MongoDB MongoDBMissing authorization check may lead to shard key refinement
6.5
EPSS
0.05%
First published (updated )
MongoDB MongoDBCertificate validation issue in MongoDB Server running on Windows or macOS
7.5
First published (updated )
MongoDB MongoDBMongoDB Server (mongod) may crash in response to unexpected requests
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MongoDB MongoDBLarge aggregation pipelines with a specific stage can crash mongod under default configuration
7.5
First published (updated )
MongoDB MongoDBDenial of Service and Data Integrity vulnerability in features command
7.1
First published (updated )
Mongodb MongodbMongoDB Extension for VS Code may unexpectedly store credentials locally in clear text
5.5
First published (updated )
MongoDB MongoDBSpecific replication command with malformed oplog entries can crash secondaries
6.5
First published (updated )
MongoDB MongoDBUser may trigger invariant when allowed to send commands directly to shards
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MongoDB MongoDBServer log entry spoofing via newline injection
5.3
First published (updated )
MongoDB MongoDBSpecially crafted query may result in a denial of service of mongod
6.5
First published (updated )
MongoDB MongoDBInvariant failure when explaining a find with a UUID
4.9
First published (updated )
MongoDB MongoDBSpecially crafted regex query can cause DoS
6.5
First published (updated )
MongoDB MongoDBDenial of service via malformed network packet
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MongoDB MongoDBInfinite loop in aggregation expression
6.5
First published (updated )
MongoDB MongoDBImproper neutralization of null byte leads to read overrun
6.5
First published (updated )
MongoDB MongoDBCrash while joining collections with $lookup
6.5
First published (updated )
MongoDB MongoDBCrash while handling internal Javascript exception types
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MongoDB MongoDB$mod can result in undefined behavior
6.5
First published (updated )
MongoDB MongoDBPost-auth queries on compound index may crash mongod
6.5
First published (updated )
MongoDB MongoDBSpecific query can cause a DoS against MongoDB Server
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MongoDB MongoDBDenial of Service when processing malformed Role names
7.5
First published (updated )
MongoDB MongoDBSpecific GeoQuery can cause DoS against MongoDB Server
6.5
First published (updated )
MongoDB MongoDBAdministrative action may disable enforcement of per-user IP whitelisting
5.3
First published (updated )
MongoDB MongoDBProcess termination via PID file manipulation
5.3
First published (updated )
MongoDB MongoDBCode execution on Windows via OpenSSL engine injection
8.2
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MongoDB MongoDBAuthentication bypass when using LDAP authentication in MongoDB Enterprise Server
8.1
First published (updated )
MongoDB MongoDBThe skyring-setup command creates random password for mongodb skyring database but it writes passwor…
7
First published (updated )
MongoDB MongoDBMongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting,…
9.1
First published (updated )
MongoDB MongoDBIn MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8…
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MongoDB MongoDBmongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial …
7.5
First published (updated )
MongoDB MongoDBMongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an emp…
5.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MongoDB MongoDBThe find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through 2.4.4 allows remote authenticat…
6.5
First published (updated )
MongoDB MongoDBMongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authenticated users to obtain intern…
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.