MongoDB Inc. — Vulnerabilities & Security Advisories (52)

Browse all 52 CVE security advisories affecting MongoDB Inc. AI-powered Chinese analysis, POCs, and references for each vulnerability.

MongoDB Inc. develops a popular document-oriented NoSQL database designed for high-volume data storage and flexible schema management. With fifty recorded Common Vulnerabilities and Exposures (CVEs), the platform has historically faced issues ranging from remote code execution and cross-site scripting to privilege escalation flaws. These vulnerabilities often stem from improper input validation, authentication bypasses, or insecure default configurations in earlier releases. Notable incidents include critical flaws allowing unauthenticated access to administrative interfaces, highlighting risks associated with default settings in production environments. The company actively addresses these concerns through regular security patches and updates, emphasizing the importance of proper configuration and timely maintenance. While the software remains widely adopted for its scalability, the frequency of CVEs underscores the necessity for rigorous security hygiene and continuous monitoring to mitigate potential exploitation vectors in enterprise deployments.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2021-20335 | SSL may be unexpectedly disabled during upgrade of multiple-server MongoDB Ops Manager | MongoDB Ops Manager | CWE-319 | 6.7 | Medium | 2021-02-11 |
| CVE-2019-20925 | Denial of service via malformed network packet | MongoDB Server | CWE-839 | 7.5 | High | 2020-11-24 |
| CVE-2020-7927 | Potential privilege escalation in Ops Manager API | MongoDB Ops Manager | CWE-648 | 8.1 | High | 2020-11-23 |
| CVE-2018-20803 | Infinite loop in aggregation expression | MongoDB Server | CWE-835 | 6.5 | Medium | 2020-11-23 |
| CVE-2020-7928 | Improper neutralization of null byte leads to read overrun | MongoDB Server | CWE-158 | 6.5 | Medium | 2020-11-23 |
| CVE-2019-2393 | Crash while joining collections with $lookup | MongoDB Server | CWE-416 | 6.5 | Medium | 2020-11-23 |
| CVE-2019-20923 | Crash while handling internal Javascript exception types | MongoDB Server | CWE-749 | 6.5 | Medium | 2020-11-23 |
| CVE-2019-20924 | Invariant in IndexBoundsBuilder | MongoDB Server | CWE-394 | 6.5 | Medium | 2020-11-23 |
| CVE-2019-2392 | $mod can result in undefined behavior | MongoDB Server | CWE-190 | 6.5 | Medium | 2020-11-23 |
| CVE-2018-20805 | Invariant with $elemMatch | MongoDB Server | CWE-834 | 6.5 | Medium | 2020-11-23 |
| CVE-2018-20802 | Post-auth queries on compound index may crash mongod | MongoDB Server | CWE-394 | 6.5 | Medium | 2020-11-23 |
| CVE-2018-20804 | Invariant failure in applyOps | MongoDB Server | CWE-20 | 6.5 | Medium | 2020-11-23 |
| CVE-2020-7926 | Specific query can cause a DoS against MongoDB Server | MongoDB Server | CWE-755 | 6.5 | Medium | 2020-11-23 |
| CVE-2020-7925 | Denial of Service when processing malformed Role names | MongoDB Server | CWE-475 | 7.5 | High | 2020-11-23 |
| CVE-2020-7923 | Specific GeoQuery can cause DoS against MongoDB Server | MongoDB Server | CWE-755 | 6.5 | Medium | 2020-08-21 |
| CVE-2019-2388 | Potential exposure of log information in Ops Manager | MongoDB Ops Manager | CWE-425 | 5.8 | Medium | 2020-05-13 |
| CVE-2020-7921 | Administrative action may disable enforcement of per-user IP whitelisting | MongoDB Server | CWE-182 | 4.6 | Medium | 2020-05-06 |
| CVE-2020-7922 | Kubernetes Operator generates potentially insecure certificates | MongoDB Enterprise Kubernetes Operator | CWE-295 | 6.4 | Medium | 2020-04-09 |
| CVE-2019-2391 | JS-bson may incorrectly serialise some requests | js-bson | CWE-502 | 4.2 | Medium | 2020-03-31 |
| CVE-2019-2389 | Process termination via PID file manipulation | MongoDB Server | CWE-732 | 5.3 | Medium | 2019-08-30 |
| CVE-2019-2390 | Code execution on Windows via OpenSSL engine injection | MongoDB Server | CWE-94 | 8.2 | High | 2019-08-30 |
| CVE-2019-2386 | Authorization session conflation | MongoDB Server | CWE-285 | 7.1 | High | 2019-08-06 |

This page lists every published CVE security advisory associated with MongoDB Inc. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.