| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-0342 | MongoDB Ops Manager may disclose sensitive information in Diagnostic Archive | MongoDB Inc. | MongoDB Ops Manager | Low | 3.1 | 2023-06-09 00:00:00 | Deep Dive |
| CVE-2022-48282 | Deserializing compromised object with MongoDB .NET/C# Driver may cause remote code execution | MongoDB Inc | MongoDB .NET/C# Driver | Medium | 6.6 | 2023-02-21 18:35:12 | Deep Dive |
| CVE-2022-22980 | Spring Data MongoDB 安全漏洞 | - | Spring Data MongoDB | 超危 | - | 2022-06-22 13:56:00 | Deep Dive |
| CVE-2022-24272 | MongoDB Server (mongod) may crash in response to unexpected requests | MongoDB Inc. | MongoDB Server | Medium | 6.5 | 2022-04-21 10:45:12 | Deep Dive |
| CVE-2021-32040 | Large aggregation pipelines with a specific stage can crash mongod under default configuration | MongoDB Inc. | MongoDB Server | Medium | 6.5 | 2022-04-12 14:15:17 | Deep Dive |
| CVE-2021-32036 | Denial of Service and Data Integrity vulnerability in features command | MongoDB Inc. | MongoDB Server | Medium | 5.4 | 2022-02-04 22:33:08 | Deep Dive |
| CVE-2021-32039 | MongoDB Extension for VS Code may unexpectedly store credentials locally in clear text | MongoDB Inc. | MongoDB for VS Code | Medium | 5.5 | 2022-01-20 14:50:10 | Deep Dive |
| CVE-2021-20330 | Specific replication command with malformed oplog entries can crash secondaries | MongoDB Inc. | MongoDB Server | Medium | 6.5 | 2021-12-15 12:30:10 | Deep Dive |
| CVE-2021-32037 | User may trigger invariant when allowed to send commands directly to shards | MongoDB Inc. | MongoDB Server | Medium | 6.5 | 2021-11-24 10:40:11 | Deep Dive |
| CVE-2021-20332 | MongoDB Rust Driver may publish events containing authentication-related data to a connection pool event listener configured by an application | MongoDB Inc. | MongoDB Rust Driver | Medium | 4.2 | 2021-08-02 12:50:10 | Deep Dive |
| CVE-2021-20333 | Server log entry spoofing via newline injection | MongoDB Inc. | MongoDB Server | Medium | 5.3 | 2021-07-23 11:25:11 | Deep Dive |
| CVE-2021-20329 | Specific cstrings input may not be properly validated in the Go Driver | MongoDB Inc. | MongoDB Go Driver | Medium | 6.8 | 2021-06-10 16:30:11 | Deep Dive |
| CVE-2021-20331 | MongoDB C# Driver may publish events containing authentication-related data to a command listener configured by an application | MongoDB Inc. | MongoDB C# Driver | Medium | 4.2 | 2021-05-13 07:40:12 | Deep Dive |
| CVE-2021-20326 | Specially crafted query may result in a denial of service of mongod | MongoDB Inc. | MongoDB Server | Medium | 6.5 | 2021-04-30 09:10:14 | Deep Dive |
| CVE-2020-7924 | Specific command line parameter might result in accepting invalid certificate | MongoDB Inc. | MongoDB Database Tools | Medium | 4.2 | 2021-04-12 16:25:11 | Deep Dive |
| CVE-2021-20334 | Local privilege escalation in MongoDB Compass for Windows | MongoDB Inc. | MongoDB Compass | Medium | 4.8 | 2021-04-06 16:45:20 | Deep Dive |
| CVE-2018-25004 | Invariant failure when explaining a find with a UUID | MongoDB Inc. | MongoDB Server | Medium | 4.9 | 2021-03-01 16:15:14 | Deep Dive |
| CVE-2020-7929 | Specially crafted regex query can cause DoS | MongoDB Inc. | MongoDB Server | Medium | 6.5 | 2021-03-01 16:05:17 | Deep Dive |
| CVE-2021-20328 | MongoDB Java driver client-side field level encryption not verifying KMS host name | MongoDB Inc. | mongo-java-driver | Medium | 6.4 | 2021-02-25 16:30:15 | Deep Dive |
| CVE-2021-20327 | MongoDB Node.js client side field level encryption library may not be validating KMS certificate | MongoDB Inc. | MongoDB Node.js Driver mongodb-client-encryption module | Medium | 6.4 | 2021-02-25 16:25:11 | Deep Dive |