
MongoDB Inc. — Vulnerabilities & Security Advisories 50

Browse all 50 CVE security advisories affecting MongoDB Inc. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-6231 | bson_validate may skip validation when processing certain inputs | C Driver | CWE-20 | 4.3 | Medium | 2026-04-13 |
| CVE-2025-14847 | Zlib compressed protocol header length confusion may allow memory read | MongoDB Server | CWE-130 | 7.5 | High | 2025-12-19 |
| CVE-2025-14345 | Cross-Shard Failovers May Lead to Partial Transaction Commit in MongoDB Server | MongoDB Server | CWE-667 | 4.2 | Medium | 2025-12-09 |
| CVE-2025-13644 | MongoDB may be susceptible to Invariant Failure due to batched delete | MongoDB Server | CWE-617 | 6.5 | Medium | 2025-11-25 |
| CVE-2025-13643 | MongoDB Server may allow queries to be terminated by unauthorized users | MongoDB Server | CWE-862 | 3.1 | Low | 2025-11-25 |
| CVE-2025-12893 | Improper Certificate Validation May Allow Successful TLS Handshaking Despite Invalid Extended Key Usage Fields in MongoDB Server | MongoDB Server | CWE-295 | 4.2 | Medium | 2025-11-25 |
| CVE-2025-13507 | Time-series operations may cause internal BSON size limit to be exceed | MongoDB Server | CWE-1284 | 6.5 | Medium | 2025-11-25 |
| CVE-2025-12657 | Malformed KMIP response may result in access violation | MongoDB Server | CWE-754 | 5.0 | Medium | 2025-11-03 |
| CVE-2025-11979 | Use-after-free in the MongoDB server query planner may lead to crash or undefined behavior | Server | CWE-416 | 5.3 | Medium | 2025-10-20 |
| CVE-2023-4009 | Privilege Escalation for Project Owner and Project User Admin Roles in Ops Manager | MongoDB Ops Manager | CWE-648 | 7.2 | High | 2023-08-08 |
| CVE-2023-0342 | MongoDB Ops Manager may disclose sensitive information in Diagnostic Archive | MongoDB Ops Manager | CWE-497 | 3.1 | Low | 2023-06-09 |
| CVE-2022-24272 | MongoDB Server (mongod) may crash in response to unexpected requests | MongoDB Server | CWE-617 | 6.5 | Medium | 2022-04-21 |
| CVE-2021-32040 | Large aggregation pipelines with a specific stage can crash mongod under default configuration | MongoDB Server | CWE-121 | 6.5 | Medium | 2022-04-12 |
| CVE-2021-32036 | Denial of Service and Data Integrity vulnerability in features command | MongoDB Server | CWE-770 | 5.4 | Medium | 2022-02-04 |
| CVE-2021-32039 | MongoDB Extension for VS Code may unexpectedly store credentials locally in clear text | MongoDB for VS Code | CWE-522 | 5.5 | Medium | 2022-01-20 |
| CVE-2021-20330 | Specific replication command with malformed oplog entries can crash secondaries | MongoDB Server | CWE-20 | 6.5 | Medium | 2021-12-15 |
| CVE-2021-32037 | User may trigger invariant when allowed to send commands directly to shards | MongoDB Server | CWE-617 | 6.5 | Medium | 2021-11-24 |
| CVE-2021-20332 | MongoDB Rust Driver may publish events containing authentication-related data to a connection pool event listener configured by an application | MongoDB Rust Driver | CWE-200 | 4.2 | Medium | 2021-08-02 |
| CVE-2021-20333 | Server log entry spoofing via newline injection | MongoDB Server | CWE-117 | 5.3 | Medium | 2021-07-23 |
| CVE-2021-20329 | Specific cstrings input may not be properly validated in the Go Driver | MongoDB Go Driver | CWE-1287 | 6.8 | Medium | 2021-06-10 |
| CVE-2021-20331 | MongoDB C# Driver may publish events containing authentication-related data to a command listener configured by an application | MongoDB C# Driver | CWE-200 | 4.2 | Medium | 2021-05-13 |
| CVE-2021-20326 | Specially crafted query may result in a denial of service of mongod | MongoDB Server | CWE-20 | 6.5 | Medium | 2021-04-30 |
| CVE-2020-7924 | Specific command line parameter might result in accepting invalid certificate | MongoDB Database Tools | CWE-295 | 4.2 | Medium | 2021-04-12 |
| CVE-2021-20334 | Local privilege escalation in MongoDB Compass for Windows | MongoDB Compass | CWE-269 | 4.8 | Medium | 2021-04-06 |
| CVE-2018-25004 | Invariant failure when explaining a find with a UUID | MongoDB Server | CWE-20 | 4.9 | Medium | 2021-03-01 |
| CVE-2020-7929 | Specially crafted regex query can cause DoS | MongoDB Server | CWE-185 | 6.5 | Medium | 2021-03-01 |
| CVE-2021-20328 | MongoDB Java driver client-side field level encryption not verifying KMS host name | mongo-java-driver | CWE-295 | 6.4 | Medium | 2021-02-25 |
| CVE-2021-20327 | MongoDB Node.js client side field level encryption library may not be validating KMS certificate | MongoDB Node.js Driver mongodb-client-encryption module | CWE-295 | 6.4 | Medium | 2021-02-25 |
| CVE-2021-20335 | SSL may be unexpectedly disabled during upgrade of multiple-server MongoDB Ops Manager | MongoDB Ops Manager | CWE-319 | 6.7 | Medium | 2021-02-11 |
| CVE-2019-20925 | Denial of service via malformed network packet | MongoDB Server | CWE-839 | 7.5 | High | 2020-11-24 |

This page lists every published CVE security advisory associated with MongoDB Inc. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.