Software Detail
Title
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
Number of items displayed
MongoDB Comunity Server Number Of NVD 41 CRITICAL 1 HIGH 11 MEDIUM 29 LOW 0
URL https://www.mongodb.com/
Explanation MongoDB is an open source software document-oriented database. It is developed and supported by MongoDB Inc.

The above text is excerpted from [https://ja.wikipedia.org/wiki/MongoDB].

Unlike RDB, it is a Key:Value type database like Json.
Since it can be registered in a flexible data format, it is effective when the data format cannot be decided at the beginning.
For systems that do not require transaction processing, it allows for fast data manipulation.
You can build a better system by using RDB and MongoDB in different ways.

“Major Release” means a version of the MongoDB Server identified by a change in the number to the left of the first decimal point (X.x.x).


“Rapid Release” means a version of the MongoDB Server identified by a change in the middle number in between the two decimal points (x.X.x).

"Patch Release" means a version of the MongoDB Server identified by a change in the number to the right of the second decimal point (x.x.X).
Tag
  • 商用ライセンス有り
  • オープンソース
  • SSPL
Add Information URL
No Type Name URL
1 https://www.mongodb.com/support-policy
2 https://www.mongodb.com/docs/upcoming/reference/versioning/#std-label-release-version-numbers
3 https://www.mongodb.com/support-policy/lifecycles
4 https://docs.mongodb.com/master/release-notes/
5 https://github.com/mongodb/mongo
6 https://docs.mongodb.com/manual/administration/security-checklist/
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
1 MongoDB 7.0 7.0.1 Sept. 5, 2023 Aug. 15, 2023 0 0 0 0
2 MongoDB 6.0 6.0.15 Nov. 27, 2023 July 4, 2022 July 31, 2025 0 1 0 0
3 MongoDB 5.3 5.3.2 June 23, 2022 March 23, 2022 June 30, 2022 0 0 0 0
4 MongoDB 5.2 5.2.1 Feb. 24, 2022 Jan. 19, 2022 April 30, 2022 0 0 0 0
5 MongoDB 5.1 5.1.1 Nov. 9, 2021 Nov. 9, 2021 June 30, 2025 0 0 0 0
6 MongoDB 5.0 5.0.26 March 26, 2024 July 13, 2021 Oct. 31, 2024 0 3 2 0
7 MongoDB 4.4 4.4.4 Jan. 4, 2021 July 1, 2020 April 30, 2024 0 4 5 0
8 MongoDB 4.2 4.2.8 June 15, 2020 Aug. 1, 2019 April 30, 2023 0 4 8 0
9 MongoDB 4.0 4.0.28 Jan. 31, 2022 June 1, 2018 April 30, 2022 0 4 15 0
10 MongoDB 3.6 3.6.22 Feb. 8, 2021 Nov. 1, 2017 April 30, 2021 0 4 12 0
11 MongoDB 3.4 3.4.24 Jan. 27, 2020 Nov. 1, 2016 Jan. 31, 2020 1 4 2 0
12 MongoDB 3.2 3.2.22 Dec. 28, 2018 Oct. 1, 2015 Oct. 30, 2018 0 1 1 0
13 MongoDB 4.9 4.9.0 Jan. 1, 2000 0 0 0 0
14 MongoDB 4.8 4.8.0 Jan. 1, 2000 0 0 0 0
15 MongoDB 4.7 4.7.0 Jan. 1, 2000 0 0 0 0
16 MongoDB 4.5 4.5.1 Jan. 1, 2000 0 0 1 0
17 MongoDB 4.3 4.3.3 Jan. 1, 2000 0 3 7 0
18 MongoDB 3.4 3.4.9 Jan. 1, 2000 1 6 16 0
19 MongoDB 3.3 3.3.9 Jan. 1, 2000 0 1 1 0
20 MongoDB 3.2 3.2.9 Jan. 1, 2000 0 1 1 0
21 MongoDB 3.0 3.0.9 Jan. 1, 2000 0 2 1 0
22 MongoDB 2.6 2.6.9 Jan. 1, 2000 0 2 3 0
23 MongoDB 2.5 2.5.1 Jan. 1, 2000 0 1 3 0
24 MongoDB 2.4 2.4.9 Jan. 1, 2000 0 2 5 0
25 MongoDB 2.3 2.3.1 Jan. 1, 2000 0 1 4 0
26 MongoDB 2.2 2.2.7 Jan. 1, 2000 0 1 5 0
27 MongoDB 2.0 2.0.8 Jan. 1, 2000 0 1 5 0
28 MongoDB 1.8 1.8.0 Jan. 1, 2000 0 0 5 0
29 MongoDB 1.7 1.7.0 Jan. 1, 2000 0 1 5 0
30 MongoDB 1.6 1.6.0 Jan. 1, 2000 0 0 5 0
31 MongoDB 1.4 1.4.0 Jan. 1, 2000 0 0 5 0
32 MongoDB 1.2 1.2.0 Jan. 1, 2000 0 0 5 0
33 MongoDB 0.8 0.8.0 Jan. 1, 2000 0 0 5 0
34 MongoDB 0.7 0.7.0 Jan. 1, 2000 0 0 6 0
35 MongoDB 0.6 0.6.9 Jan. 1, 2000 0 0 6 0
36 MongoDB 0.5 0.5.0 Jan. 1, 2000 0 0 6 0
37 MongoDB 0.4 0.4.2 Jan. 1, 2000 0 0 6 0
38 MongoDB 0.3 0.3.0 Jan. 1, 2000 0 0 6 0
39 MongoDB 0.2 0.2.1 Jan. 1, 2000 0 0 6 0
40 MongoDB 0.1 0.1.1 Jan. 1, 2000 0 0 6 0
41 MongoDB 0.0 0.0.1 Jan. 1, 2000 0 0 6 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
1 7.5
- 		HIGH
Network 		If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms (e.g. Linux), it is … CWE-295
Improper Certificate Validation  		CVE-2023-1409 cpe:2.3:a:mongodb:mongodb:*:* 4.4.0
5.0.0
6.0.0
6.3.0
5.0.14

6.3.2


4.4.23

6.0.7
 2023-09-22 02:15
2023-08-24 		Show GitHub Exploit DB Packet Storm
2 6.5
4.0 		MEDIUM
Network 		An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database. This may result in mongod denial of service or server crash. Th… CWE-617
 Reachable Assertion 		CVE-2022-24272 cpe:2.3:a:mongodb:mongodb:*:* 5.0.0 5.0.6 2022-05-12 05:14
2022-04-21 		Show GitHub Exploit DB Packet Storm
3 7.5
5.0 		HIGH
Network 		It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. If a… CWE-787
 Out-of-bounds Write 		CVE-2021-32040 cpe:2.3:a:mongodb:mongodb:*:* 5.0.0
4.4.0
4.2.0



5.0.4
4.4.11
4.2.16 		2024-02-24 01:15
2022-04-13 		Show GitHub Exploit DB Packet Storm
4 7.1
5.5 		HIGH
Network 		An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention.… CWE-770
 Allocation of Resources Without Limits or Throttling 		CVE-2021-32036 cpe:2.3:a:mongodb:mongodb:*:* 5.0.0
4.4.0
2.0.0



5.0.4
4.4.10
4.2.18 		2024-01-24 02:15
2022-02-5 		Show GitHub Exploit DB Packet Storm
5 5.5
2.1 		MEDIUM
Local 		Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious attackers to … CWE-522
 Insufficiently Protected Credentials 		CVE-2021-32039 cpe:2.3:a:mongodb:mongodb:*:* 0.7.0 2024-01-24 02:15
2022-01-21 		Show GitHub Exploit DB Packet Storm
6 6.5
4.0 		MEDIUM
Network 		An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This… CWE-20
 Improper Input Validation  		CVE-2021-20330 cpe:2.3:a:mongodb:mongodb:*:* 4.4.0
4.0.0
4.2.0



4.4.6
4.0.25
4.2.14 		2024-01-24 01:15
2021-12-15 		Show GitHub Exploit DB Packet Storm
7 6.5
4.0 		MEDIUM
Network 		An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Usually, the requests are sent via mongos and sp… CWE-617
 Reachable Assertion 		CVE-2021-32037 cpe:2.3:a:mongodb:mongodb:*:* 5.0.0 5.0.2 2024-01-24 02:15
2021-11-25 		Show GitHub Exploit DB Packet Storm
8 5.3
5.0 		MEDIUM
Network 		Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or for log entries to be split. This issue affects MongoDB Server v3.6 versions prior to 3.… CWE-116
 Improper Encoding or Escaping of Output 		CVE-2021-20333 cpe:2.3:a:mongodb:mongodb:*:* 3.6.0
4.0.0
4.2.0



3.6.20
4.0.21
4.2.10 		2024-01-24 02:15
2021-07-23 		Show GitHub Exploit DB Packet Storm
9 6.5
4.0 		MEDIUM
Network 		A user authorized to performing a specific type of find query may trigger a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.4. CWE-732
 Incorrect Permission Assignment for Critical Resource 		CVE-2021-20326 cpe:2.3:a:mongodb:mongodb:*:* 4.4.0 4.4.4 2024-01-24 01:15
2021-04-30 		Show GitHub Exploit DB Packet Storm
10 4.9
4.0 		MEDIUM
Network 		A user authorized to performing a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects MongoDB Server v4.0 versions prior to… CWE-20
 Improper Input Validation  		CVE-2018-25004 cpe:2.3:a:mongodb:mongodb:*:* 4.0.0
3.6.0

4.0.6
3.6.11 		2024-01-24 00:15
2021-03-2 		Show GitHub Exploit DB Packet Storm