12 matches found
MiracleLinux 8 : python36:3.6 (AXSA:2025-9998:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9998:01 advisory. python-pymongo: Out-of-bounds read in bson module (CVE-2024-5629). Tenable has extracted the preceding description block directly from the MiracleLinux security...
EUVD-2021-1199
Malware in sbrugna...
EUVD-2022-0814
Malicious code in bioql PyPI...
02-sms-async (=1.0.0), 10tcl (=0.0.1) +8854 more potentially affected by CVE-2020-7610 via bson (>=0.0.4 <=1.1.1)
bson NPM version =0.0.4, =1.0.1, =1.0.7, =0.0.1, =0.0.2, =0.3.0, =0.1.4, =0.0.1, =0.1.0, =1.0.0 and more Source cves: CVE-2020-7610 Source advisory: OSV:GHSA-V8W9-2789-6HHR...
bson integer overflow vulnerability
BSON is a binary data interchange format for representing simple or complex data structures, including associative arrays (also known as name/value pairs), integer-indexed arrays, and a set of basic scalar types. A security vulnerability exists in versions of bson prior to...
CVE-2020-7610
All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's bsotype, leading to cases where an object is serialized as a document rather than the intended BSON type...
BSON Code Issue Vulnerability
BSON is an implementation, from the RubyGems organization, of a JSON-like data format that converts objects to binary. A code issue vulnerability exists in versions of BSON prior to 1.1.4 that stems from deserializing untrusted data. An attacker could exploit this vulnerabilit...
CVE-2020-7610
All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's bsotype, leading to cases where an object is serialized as a document rather than the intended BSON type...
CVE-2020-7610
All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's bsotype, leading to cases where an object is serialized as a document rather than the intended BSON type...
Internal Property Tampering
Overview: bson is a BSON parser for node and browser. Affected versions of this package are vulnerable to Internal Property Tampering. The package will ignore an unknown value for an object's bsotype, leading to cases where an object is serialized as a document rather than the intended BSON type...
GHSA-8462-Q7X7-G2X4 js-bson vulnerable to REDoS
The MongoDB bson JavaScript module (also known as js-bson), versions 0.5.0 to 1.0.x before 1.0.5, is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString function is called to parse a long untrusted string...
@abtnode/mongoose-nedb (=1.0.16), @alma/widgets (>=4.0.0 <=4.3.7) +271 more potentially affected by CVE-2018-13863 via bson (>=0.5.2 <=1.0.4)
bson NPM version =0.5.2, =4.0.0, =0.2.4, =0.2.4, =0.0.0, =0.4.1, =0.3.0, =0.2.0, =0.3.0, =0.3.0, =0.2.0, =0.0.1, =1.6.3-ml, =0.3.0, =0.0.1, =0.0.3 and more Source cves: CVE-2018-13863 Source advisory: OSV:GHSA-8462-Q7X7-G2X4...