MongoDB Inc — Vulnerabilities & Security Advisories (61)

Browse all 61 CVE security advisories affecting MongoDB Inc. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-3084 | MongoDB Server may crash due to improper validation of explain command — MongoDB Server | CWE-703 | 6.5 | Medium | 2025-04-01 |
| CVE-2025-3083 | Malformed MongoDB wire protocol messages may cause mongos to crash — MongoDB Server | CWE-248 | 7.5 | High | 2025-04-01 |
| CVE-2025-3082 | User may override a view's collation and gain unauthorized access to underlying data — MongoDB Server | CWE-284 | 3.1 | Low | 2025-04-01 |
| CVE-2025-0755 | MongoDB C Driver bson library may be susceptible to buffer overflow — libbson | CWE-122 | 8.4 | High | 2025-03-18 |
| CVE-2025-1756 | MongoDB Shell may be susceptible to local privilege escalation in Windows — mongosh | CWE-426 | 7.5 | High | 2025-02-27 |
| CVE-2025-1755 | MongoDB Compass may be susceptible to local privilege escalation in Windows — MongoDB Compass | CWE-426 | 7.5 | High | 2025-02-27 |
| CVE-2025-1693 | MongoDB Shell may be susceptible to control character Injection via shell output — mongosh | CWE-150 | 3.9 | Low | 2025-02-27 |
| CVE-2025-1692 | MongoDB Shell may be susceptible to control character injection via pasting — mongosh | CWE-150 | 6.3 | Medium | 2025-02-27 |
| CVE-2025-1691 | MongoDB Shell may be susceptible to Control Character Injection via autocomplete — mongosh | CWE-74 | 7.6 | High | 2025-02-27 |
| CVE-2024-10921 | Improper neutralization of null bytes may lead to buffer over-reads in MongoDB Server — MongoDB Server | CWE-158 | 6.8 | Medium | 2024-11-14 |
| CVE-2024-8013 | CSFLE and Queryable Encryption self-lookup may fail to encrypt values in subpipelines — mongocryptd | CWE-319 | 2.2 | Low | 2024-10-28 |
| CVE-2024-8305 | MongoDB Server secondaries may crash due to forced index constraints — MongoDB Server | CWE-1288 | 6.5 | Medium | 2024-10-21 |
| CVE-2024-8654 | MongoDB Server may access non-initialized region of memory leading to unexpected behaviour — MongoDB Server | CWE-908 | 5.0 | Medium | 2024-09-10 |
| CVE-2024-8207 | MongoDB Server binaries may load potentially insecure shared libraries from specific relative paths — MongoDB Server | CWE-114 | 6.4 | Medium | 2024-08-27 |
| CVE-2024-6384 | Backup files may be downloaded by underprivileged users in MongoDB Enterprise Server — MongoDB Server | CWE-285 | 5.3 | Medium | 2024-08-13 |
| CVE-2024-7553 | Accessing Untrusted Directory May Allow Local Privilege Escalation — MongoDB Server | CWE-284 | 7.3 | High | 2024-08-07 |
| CVE-2024-6383 | MongoDB C Driver bson_string_append may be vulnerable to a buffer overflow — libbson | CWE-122 | 5.3 | Medium | 2024-07-03 |
| CVE-2024-6382 | Adversarial unsanitized input may cause MongoDB Rust Driver to issue unintended commands. — MongoDB Rust Driver | CWE-228 | 6.4 | Medium | 2024-07-02 |
| CVE-2024-6381 | MongoDB C Driver bson_strfreev may be susceptible to integer overflow — libbson | CWE-680 | 4.0 | Medium | 2024-07-02 |
| CVE-2024-6376 | ejson shell parser in MongoDB Compass maybe bypassed — MongoDB Compass | CWE-20 | 7.0 | High | 2024-07-01 |
| CVE-2024-6375 | Missing authorization check may lead to shard key refinement — MongoDB Server | CWE-285 | 5.4 | Medium | 2024-07-01 |
| CVE-2024-5629 | Out-of-bounds read in bson module of PyMongo — PyMongo | CWE-125 | 4.7 | Medium | 2024-06-05 |
| CVE-2024-3374 | MongoDB Server (mongod) may crash when generating ftdc — MongoDB Server | CWE-617 | 5.3 | Medium | 2024-05-14 |
| CVE-2024-3372 | MongoDB Server may have unexpected application behaviour due to invalid BSON — MongoDB Server | CWE-20 | 7.5 | High | 2024-05-14 |
| CVE-2024-3371 | Insufficient validation of external input in Compass may enable MITM attacks — MongoDB Compass | CWE-360 | 7.1 | High | 2024-04-24 |
| CVE-2024-1351 | MongoDB Server may allow successful untrusted connection — MongoDB Server | CWE-295 | 8.8 | High | 2024-03-07 |
| CVE-2023-0437 | MongoDB client C Driver may infinitely loop when validating certain BSON input data — MongoDB C Driver | CWE-835 | 5.3 | Medium | 2024-01-12 |
| CVE-2023-0436 | Secret logging may occur in debug mode of Atlas Operator — MongoDB Atlas Kubernetes Operator | CWE-532 | 4.5 | Medium | 2023-11-07 |
| CVE-2021-32050 | Some MongoDB Drivers may publish events containing authentication-related data to a command listener configured by an application — MongoDB C Driver | CWE-200 | 4.2 | Medium | 2023-08-29 |
| CVE-2023-1409 | Certificate validation issue in MongoDB Server running on Windows or macOS — MongoDB Server | CWE-295 | 5.3 | Medium | 2023-08-23 |

This page lists every published CVE security advisory associated with MongoDB Inc. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.