MongoDB Inc. — Vulnerabilities & Security Advisories 52

Browse all 52 CVE security advisories affecting MongoDB Inc. AI-powered Chinese analysis, POCs, and references for each vulnerability.

MongoDB Inc. develops a popular document-oriented NoSQL database designed for high-volume data storage and flexible schema management. With fifty recorded Common Vulnerabilities and Exposures (CVEs), the platform has historically faced issues ranging from remote code execution and cross-site scripting to privilege escalation flaws. These vulnerabilities often stem from improper input validation, authentication bypasses, or insecure default configurations in earlier releases. Notable incidents include critical flaws allowing unauthenticated access to administrative interfaces, highlighting risks associated with default settings in production environments. The company actively addresses these concerns through regular security patches and updates, emphasizing the importance of proper configuration and timely maintenance. While the software remains widely adopted for its scalability, the frequency of CVEs underscores the necessity for rigorous security hygiene and continuous monitoring to mitigate potential exploitation vectors in enterprise deployments.

Found 34 results / 52
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-8063 | Post-auth null pointer dereference when aggregating against a view with empty search pipeline | MongoDB Server | CWE-476 | 6.5 | Medium | 2026-05-07 |
| CVE-2025-14847 | Zlib compressed protocol header length confusion may allow memory read | MongoDB Server | CWE-130 | 7.5 | High | 2025-12-19 |
| CVE-2025-14345 | Cross-Shard Failovers May Lead to Partial Transaction Commit in MongoDB Server | MongoDB Server | CWE-667 | 4.2 | Medium | 2025-12-09 |
| CVE-2025-13644 | MongoDB may be susceptible to Invariant Failure due to batched delete | MongoDB Server | CWE-617 | 6.5 | Medium | 2025-11-25 |
| CVE-2025-13643 | MongoDB Server may allow queries to be terminated by unauthorized users | MongoDB Server | CWE-862 | 3.1 | Low | 2025-11-25 |
| CVE-2025-12893 | Improper Certificate Validation May Allow Successful TLS Handshaking Despite Invalid Extended Key Usage Fields in MongoDB Server | MongoDB Server | CWE-295 | 4.2 | Medium | 2025-11-25 |
| CVE-2025-13507 | Time-series operations may cause internal BSON size limit to be exceeded | MongoDB Server | CWE-1284 | 6.5 | Medium | 2025-11-25 |
| CVE-2025-12657 | Malformed KMIP response may result in access violation | MongoDB Server | CWE-754 | 5.0 | Medium | 2025-11-03 |
| CVE-2022-24272 | MongoDB Server (mongod) may crash in response to unexpected requests | MongoDB Server | CWE-617 | 6.5 | Medium | 2022-04-21 |
| CVE-2021-32040 | Large aggregation pipelines with a specific stage can crash mongod under default configuration | MongoDB Server | CWE-121 | 6.5 | Medium | 2022-04-12 |
| CVE-2021-32036 | Denial of Service and Data Integrity vulnerability in features command | MongoDB Server | CWE-770 | 5.4 | Medium | 2022-02-04 |
| CVE-2021-20330 | Specific replication command with malformed oplog entries can crash secondaries | MongoDB Server | CWE-20 | 6.5 | Medium | 2021-12-15 |
| CVE-2021-32037 | User may trigger invariant when allowed to send commands directly to shards | MongoDB Server | CWE-617 | 6.5 | Medium | 2021-11-24 |
| CVE-2021-20333 | Server log entry spoofing via newline injection | MongoDB Server | CWE-117 | 5.3 | Medium | 2021-07-23 |
| CVE-2021-20326 | Specially crafted query may result in a denial of service of mongod | MongoDB Server | CWE-20 | 6.5 | Medium | 2021-04-30 |
| CVE-2018-25004 | Invariant failure when explaining a find with a UUID | MongoDB Server | CWE-20 | 4.9 | Medium | 2021-03-01 |
| CVE-2020-7929 | Specially crafted regex query can cause DoS | MongoDB Server | CWE-185 | 6.5 | Medium | 2021-03-01 |
| CVE-2019-20925 | Denial of service via malformed network packet | MongoDB Server | CWE-839 | 7.5 | High | 2020-11-24 |
| CVE-2018-20803 | Infinite loop in aggregation expression | MongoDB Server | CWE-835 | 6.5 | Medium | 2020-11-23 |
| CVE-2020-7928 | Improper neutralization of null byte leads to read overrun | MongoDB Server | CWE-158 | 6.5 | Medium | 2020-11-23 |
| CVE-2019-2393 | Crash while joining collections with $lookup | MongoDB Server | CWE-416 | 6.5 | Medium | 2020-11-23 |
| CVE-2019-20923 | Crash while handling internal Javascript exception types | MongoDB Server | CWE-749 | 6.5 | Medium | 2020-11-23 |
| CVE-2019-20924 | Invariant in IndexBoundsBuilder | MongoDB Server | CWE-394 | 6.5 | Medium | 2020-11-23 |
| CVE-2019-2392 | $mod can result in undefined behavior | MongoDB Server | CWE-190 | 6.5 | Medium | 2020-11-23 |
| CVE-2018-20805 | Invariant with $elemMatch | MongoDB Server | CWE-834 | 6.5 | Medium | 2020-11-23 |
| CVE-2018-20802 | Post-auth queries on compound index may crash mongod | MongoDB Server | CWE-394 | 6.5 | Medium | 2020-11-23 |
| CVE-2018-20804 | Invariant failure in applyOps | MongoDB Server | CWE-20 | 6.5 | Medium | 2020-11-23 |
| CVE-2020-7926 | Specific query can cause a DoS against MongoDB Server | MongoDB Server | CWE-755 | 6.5 | Medium | 2020-11-23 |
| CVE-2020-7925 | Denial of Service when processing malformed Role names | MongoDB Server | CWE-475 | 7.5 | High | 2020-11-23 |
| CVE-2020-7923 | Specific GeoQuery can cause DoS against MongoDB Server | MongoDB Server | CWE-755 | 6.5 | Medium | 2020-08-21 |

This page lists every published CVE security advisory associated with MongoDB Inc. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.