| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2024-8305 | MongoDB Server secondaries may crash due to forced index constraints | MongoDB Inc | MongoDB Server | Medium | 6.5 | 2024-10-21 14:10:31 |
| CVE-2024-8654 | MongoDB Server may access non-initialized region of memory leading to unexpected behaviour | MongoDB Inc | MongoDB Server | Medium | 5.0 | 2024-09-10 13:35:51 |
| CVE-2024-8207 | MongoDB Server binaries may load potentially insecure shared libraries from specific relative paths | MongoDB Inc | MongoDB Server | Medium | 6.4 | 2024-08-27 11:28:07 |
| CVE-2024-6384 | Backup files may be downloaded by underprivileged users in MongoDB Enterprise Server | MongoDB Inc | MongoDB Server | Medium | 5.3 | 2024-08-13 14:22:23 |
| CVE-2024-7553 | Accessing Untrusted Directory May Allow Local Privilege Escalation | MongoDB Inc | MongoDB Server | High | 7.3 | 2024-08-07 09:57:50 |
| CVE-2024-6383 | MongoDB C Driver bson_string_append may be vulnerable to a buffer overflow | MongoDB Inc | libbson | Medium | 5.3 | 2024-07-03 21:33:48 |
| CVE-2024-6382 | Adversarial unsanitized input may cause MongoDB Rust Driver to issue unintended commands. | MongoDB Inc | MongoDB Rust Driver | Medium | 6.4 | 2024-07-02 17:17:50 |
| CVE-2024-6381 | MongoDB C Driver bson_strfreev may be susceptible to integer overflow | MongoDB Inc | libbson | Medium | 4.0 | 2024-07-02 17:14:49 |
| CVE-2024-6376 | ejson shell parser in MongoDB Compass may be bypassed | MongoDB Inc | MongoDB Compass | High | 7.0 | 2024-07-01 14:57:32 |
| CVE-2024-6375 | Missing authorization check may lead to shard key refinement | MongoDB Inc | MongoDB Server | Medium | 5.4 | 2024-07-01 14:40:33 |
| CVE-2024-5629 | Out-of-bounds read in bson module of PyMongo | MongoDB Inc | PyMongo | Medium | 4.7 | 2024-06-05 14:32:56 |
| CVE-2024-3374 | MongoDB Server (mongod) may crash when generating ftdc | MongoDB Inc | MongoDB Server | Medium | 5.3 | 2024-05-14 13:26:42 |
| CVE-2024-3372 | MongoDB Server may have unexpected application behaviour due to invalid BSON | MongoDB Inc | MongoDB Server | High | 7.5 | 2024-05-14 13:24:05 |
| CVE-2024-3371 | Insufficient validation of external input in Compass may enable MITM attacks | MongoDB Inc | MongoDB Compass | High | 7.1 | 2024-04-24 16:32:07 |
| CVE-2024-1351 | MongoDB Server may allow successful untrusted connection | MongoDB Inc | MongoDB Server | High | 8.8 | 2024-03-07 16:10:20 |
| CVE-2023-0437 | MongoDB client C Driver may infinitely loop when validating certain BSON input data | MongoDB Inc | MongoDB C Driver | Medium | 5.3 | 2024-01-12 13:33:40 |
| CVE-2023-0436 | Secret logging may occur in debug mode of Atlas Operator | MongoDB Inc | MongoDB Atlas Kubernetes Operator | Medium | 4.5 | 2023-11-07 11:44:48 |
| CVE-2021-32050 | Some MongoDB Drivers may publish events containing authentication-related data to a command listener configured by an application | MongoDB Inc | MongoDB C Driver | Medium | 4.2 | 2023-08-29 15:24:30 |
| CVE-2023-1409 | Certificate validation issue in MongoDB Server running on Windows or macOS | MongoDB Inc | MongoDB Server | Medium | 5.3 | 2023-08-23 15:21:43 |
| CVE-2023-4009 | Privilege Escalation for Project Owner and Project User Admin Roles in Ops Manager | MongoDB Inc | MongoDB Ops Manager | High | 7.2 | 2023-08-08 08:37:21 |