MongoDB Inc — Vulnerabilities & Security Advisories (61)

Browse all 61 CVE security advisories affecting MongoDB Inc. AI-powered Chinese analysis, POCs, and references for each vulnerability.

MongoDB Inc. develops a popular document-oriented NoSQL database designed for high-volume data storage and flexible schema management. Historically, its codebase has been associated with sixty-one recorded Common Vulnerabilities and Exposures, predominantly involving improper input validation and authentication bypasses. These flaws frequently enable remote code execution or unauthorized access, reflecting challenges in securing complex query parsers and network interfaces. While the company maintains a security response team and provides regular patches, the sheer volume of disclosed issues highlights the inherent risks in widely deployed, feature-rich database engines. Notable incidents have included critical flaws allowing unauthenticated data exfiltration, underscoring the necessity for rigorous configuration hardening. Organizations utilizing this platform must prioritize strict access controls and timely updates to mitigate the persistent threat landscape associated with its extensive attack surface and widespread adoption in enterprise environments.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-3084 | MongoDB Server may crash due to improper validation of explain command | MongoDB Server | CWE-703 | 6.5 | Medium | 2025-04-01 |
| CVE-2025-3083 | Malformed MongoDB wire protocol messages may cause mongos to crash | MongoDB Server | CWE-248 | 7.5 | High | 2025-04-01 |
| CVE-2025-3082 | User may override a view's collation and gain unauthorized access to underlying data | MongoDB Server | CWE-284 | 3.1 | Low | 2025-04-01 |
| CVE-2025-0755 | MongoDB C Driver bson library may be susceptible to buffer overflow | libbson | CWE-122 | 8.4 | High | 2025-03-18 |
| CVE-2025-1756 | MongoDB Shell may be susceptible to local privilege escalation in Windows | mongosh | CWE-426 | 7.5 | High | 2025-02-27 |
| CVE-2025-1755 | MongoDB Compass may be susceptible to local privilege escalation in Windows | MongoDB Compass | CWE-426 | 7.5 | High | 2025-02-27 |
| CVE-2025-1693 | MongoDB Shell may be susceptible to control character Injection via shell output | mongosh | CWE-150 | 3.9 | Low | 2025-02-27 |
| CVE-2025-1692 | MongoDB Shell may be susceptible to control character injection via pasting | mongosh | CWE-150 | 6.3 | Medium | 2025-02-27 |
| CVE-2025-1691 | MongoDB Shell may be susceptible to Control Character Injection via autocomplete | mongosh | CWE-74 | 7.6 | High | 2025-02-27 |
| CVE-2024-10921 | Improper neutralization of null bytes may lead to buffer over-reads in MongoDB Server | MongoDB Server | CWE-158 | 6.8 | Medium | 2024-11-14 |
| CVE-2024-8013 | CSFLE and Queryable Encryption self-lookup may fail to encrypt values in subpipelines | mongocryptd | CWE-319 | 2.2 | Low | 2024-10-28 |
| CVE-2024-8305 | MongoDB Server secondaries may crash due to forced index constraints | MongoDB Server | CWE-1288 | 6.5 | Medium | 2024-10-21 |
| CVE-2024-8654 | MongoDB Server may access non-initialized region of memory leading to unexpected behaviour | MongoDB Server | CWE-908 | 5.0 | Medium | 2024-09-10 |
| CVE-2024-8207 | MongoDB Server binaries may load potentially insecure shared libraries from specific relative paths | MongoDB Server | CWE-114 | 6.4 | Medium | 2024-08-27 |
| CVE-2024-6384 | Backup files may be downloaded by underprivileged users in MongoDB Enterprise Server | MongoDB Server | CWE-285 | 5.3 | Medium | 2024-08-13 |
| CVE-2024-7553 | Accessing Untrusted Directory May Allow Local Privilege Escalation | MongoDB Server | CWE-284 | 7.3 | High | 2024-08-07 |
| CVE-2024-6383 | MongoDB C Driver bson_string_append may be vulnerable to a buffer overflow | libbson | CWE-122 | 5.3 | Medium | 2024-07-03 |
| CVE-2024-6382 | Adversarial unsanitized input may cause MongoDB Rust Driver to issue unintended commands. | MongoDB Rust Driver | CWE-228 | 6.4 | Medium | 2024-07-02 |
| CVE-2024-6381 | MongoDB C Driver bson_strfreev may be susceptible to integer overflow | libbson | CWE-680 | 4.0 | Medium | 2024-07-02 |
| CVE-2024-6376 | ejson shell parser in MongoDB Compass maybe bypassed | MongoDB Compass | CWE-20 | 7.0 | High | 2024-07-01 |
| CVE-2024-6375 | Missing authorization check may lead to shard key refinement | MongoDB Server | CWE-285 | 5.4 | Medium | 2024-07-01 |
| CVE-2024-5629 | Out-of-bounds read in bson module of PyMongo | PyMongo | CWE-125 | 4.7 | Medium | 2024-06-05 |
| CVE-2024-3374 | MongoDB Server (mongod) may crash when generating ftdc | MongoDB Server | CWE-617 | 5.3 | Medium | 2024-05-14 |
| CVE-2024-3372 | MongoDB Server may have unexpected application behaviour due to invalid BSON | MongoDB Server | CWE-20 | 7.5 | High | 2024-05-14 |
| CVE-2024-3371 | Insufficient validation of external input in Compass may enable MITM attacks | MongoDB Compass | CWE-360 | 7.1 | High | 2024-04-24 |
| CVE-2024-1351 | MongoDB Server may allow successful untrusted connection | MongoDB Server | CWE-295 | 8.8 | High | 2024-03-07 |
| CVE-2023-0437 | MongoDB client C Driver may infinitely loop when validating certain BSON input data | MongoDB C Driver | CWE-835 | 5.3 | Medium | 2024-01-12 |
| CVE-2023-0436 | Secret logging may occur in debug mode of Atlas Operator | MongoDB Atlas Kubernetes Operator | CWE-532 | 4.5 | Medium | 2023-11-07 |
| CVE-2021-32050 | Some MongoDB Drivers may publish events containing authentication-related data to a command listener configured by an application | MongoDB C Driver | CWE-200 | 4.2 | Medium | 2023-08-29 |
| CVE-2023-1409 | Certificate validation issue in MongoDB Server running on Windows or macOS | MongoDB Server | CWE-295 | 5.3 | Medium | 2023-08-23 |

This page lists every published CVE security advisory associated with MongoDB Inc. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.