Mongoose Security Vulnerabilities and Issues — Mongoose CVE List

Lucene search

MongoosejsMongoose

4 matches found

CVE•added 2023/07/17 1:15 a.m.•145 views

CVE-2023-3696

Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4.

10CVSS9.4AI score0.00265EPSS

CVE•added 2019/10/10 2:5 a.m.•122 views

CVE-2019-17426

Automattic Mongoose through 5.7.4 allows attackers to bypass access control (in some applications) because any query object with a _bsontype attribute is ignored. For example, adding "_bsontype":"a" can sometimes interfere with a query filter. NOTE: this CVE is about Mongoose's failure to work arou...

9.1CVSS9AI score0.00237EPSS

CVE•added 2025/01/15 5:15 a.m.•122 views

CVE-2025-23061

Mongoose before 8.9.5 can improperly use a nested $where filter with a populate() match, leading to search injection. NOTE: this issue exists because of an incomplete fix for CVE-2024-53900.

9CVSS9.4AI score0.01421EPSS

CVE•added 2022/07/28 8:15 p.m.•99 views

CVE-2022-2564

Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6.

9.8CVSS8.1AI score0.01331EPSS