mongoose

17 known vulnerabilities · 2 critical · 1 high

CVE-2022-2564CRITICAL

automattic/mongoose vulnerable to Prototype pollution via Schema.path

Published Jul 29, 2022

CVE-2022-24304

Mongoose Vulnerable to Prototype Pollution in Schema Object

Published Aug 27, 2022

CVE-2023-3696CRITICAL

Mongoose Prototype Pollution vulnerability

Published Jul 17, 2023

CVE-2024-53900

Mongoose search injection vulnerability

Published Dec 2, 2024

MAL-2025-190692

Malicious code in atrix-mongoose (npm)

Published Nov 24, 2025

MAL-2025-3907

Malicious code in mongooses-db (npm)

Published May 16, 2025

MAL-2025-2635

Malicious code in @sensort/mongoose (npm)

Published Mar 25, 2025

MAL-2025-2636

Malicious code in @sensort/mongoose-migrations (npm)

Published Mar 25, 2025

MAL-2025-192398

Malicious code in database-mongoose-kit (npm)

Published Dec 10, 2025

MAL-2024-10562

Malicious code in mongoose-4 (npm)

Published Nov 8, 2024

MAL-2026-1200

Malicious code in mongoose-apis (npm)

Published Mar 3, 2026

MAL-2026-2675

Malicious code in mongoose-stamps (npm)

Published Apr 15, 2026

MAL-2025-190679

Malicious code in @trigo/atrix-mongoose (npm)

Published Nov 24, 2025

MAL-2025-3793

Malicious code in mongoose-mongodb (npm)

Published May 14, 2025

CVE-2016-10533HIGH

Private Data Disclosure in express-restify-mongoose

Published Oct 23, 2018

MAL-2026-711

Malicious code in mongoose_update (npm)

Published Feb 4, 2026

MAL-2025-3193

Malicious code in mongoose-to-json (npm)

Published Apr 9, 2025

Check your entire dependency tree at onceRun dependency scan →