Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
MongoosejsMongoose

4 matches found

CVE
CVEadded 2023/07/17 1:15 a.m.144 views

CVE-2023-3696

Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4.

10CVSS9.4AI score0.00265EPSS
CVE
CVEadded 2019/10/10 2:5 a.m.122 views

CVE-2019-17426

Automattic Mongoose through 5.7.4 allows attackers to bypass access control (in some applications) because any query object with a _bsontype attribute is ignored. For example, adding "_bsontype":"a" can sometimes interfere with a query filter. NOTE: this CVE is about Mongoose's failure to work arou...

9.1CVSS9AI score0.00237EPSS
CVE
CVEadded 2025/01/15 5:15 a.m.120 views

CVE-2025-23061

Mongoose before 8.9.5 can improperly use a nested $where filter with a populate() match, leading to search injection. NOTE: this issue exists because of an incomplete fix for CVE-2024-53900.

9CVSS9.4AI score0.00138EPSS
CVE
CVEadded 2022/07/28 8:15 p.m.98 views

CVE-2022-2564

Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6.

9.8CVSS8.1AI score0.01331EPSS