OsVault/npm/mongodb
npm2 critical

mongodb

23 known vulnerabilities · 2 critical · 1 high

CVE-2021-32050MEDIUM

MongoDB Driver may publish events containing authentication-related data

Published Aug 29, 2023
CVE-2022-39396CRITICAL

Remote code execution via MongoDB BSON parser through prototype pollution

Published Nov 8, 2022
MAL-2025-191517

Malicious code in mongodb-atlas-cli-toc-generator (npm)

Published Dec 1, 2025
MAL-2022-4694

Malicious code in moonbeam-mongodb (npm)

Published Jun 20, 2022
CVE-2025-1692

MongoDB Shell may be susceptible to control character injection via pasting

Published Feb 27, 2025
MAL-2025-48301

Malicious code in mongodb-orn (npm)

Published Oct 10, 2025
CVE-2025-1693

MongoDB Shell may be susceptible to control character Injection via shell output

Published Feb 27, 2025
CVE-2026-32730

ApostropheCMS MFA/TOTP Bypass via Incorrect MongoDB Query in Bearer Token Middleware

Published Mar 18, 2026
MAL-2025-191518

Malicious code in mongodb-compass (npm)

Published Dec 1, 2025
CVE-2023-36475CRITICAL

Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution

Published Jun 30, 2023
CVE-2025-1691

MongoDB Shell may be susceptible to Control Character Injection via autocomplete

Published Feb 27, 2025
CVE-2016-10572HIGH

Downloads Resources over HTTP in mongodb-instance

Published Feb 18, 2019
MAL-2022-4686

Malicious code in mongodb-stitch-browser-testutils (npm)

Published Jul 26, 2022
MAL-2025-47890

Malicious code in mongodb-cd (npm)

Published Oct 2, 2025
CVE-2024-6376

ejson shell parser in MongoDB Compass maybe bypassed

Published Jul 1, 2024
MAL-2025-855

Malicious code in mongodb-chatbot-verified-answers (npm)

Published Feb 3, 2025
CVE-2026-29793

Feathers has a NoSQL Injection via WebSocket id Parameter in MongoDB Adapter

Published Mar 10, 2026
MAL-2025-191519

Malicious code in mongodb-stitch-server-testutils (npm)

Published Dec 1, 2025
MAL-2025-191358

Malicious code in @voiceflow/nestjs-mongodb (npm)

Published Nov 25, 2025
MAL-2025-3793

Malicious code in mongoose-mongodb (npm)

Published May 14, 2025
MAL-2026-5957

Malicious code in @mastra/mongodb (npm)

Published Jun 17, 2026
GHSA-jpq7-226w-6cxx

n8n: NoSQL Injection in MongoDB Node Find And Replace Operation

Published Jun 16, 2026
GHSA-98xf-r82g-9mhx

LangGraph has NoSQL parameter injection in MongoDBSaver, allowing cross-tenant state access

Published Jun 12, 2026
Check your entire dependency tree at onceRun dependency scan →