Software Detail
MongoDB Community Server
Number Of NVD: 55 (CRITICAL 1, HIGH 15, MEDIUM 39, LOW 0)
URL: https://www.mongodb.com/
Explanation: MongoDB is an open source, document-oriented database. It is developed and supported by MongoDB Inc.

The above text is excerpted from [https://ja.wikipedia.org/wiki/MongoDB].

Unlike an RDB, it is a Key:Value type database, like JSON.
Since data can be registered in a flexible format, it is effective when the data format cannot be decided at the outset.
For systems that do not require transaction processing, it allows for fast data manipulation.
You can build a better system by using an RDB and MongoDB for different purposes.

"Major Release" means a version of the MongoDB Server identified by a change in the number to the left of the first decimal point (X.x.x).

"Rapid Release" means a version of the MongoDB Server identified by a change in the middle number in between the two decimal points (x.X.x).

"Patch Release" means a version of the MongoDB Server identified by a change in the number to the right of the second decimal point (x.x.X).
Tag
  • Open source
  • SSPL
  • Commercial license available

Add Information URL
No Type Name URL
1 https://www.mongodb.com/support-policy
2 https://www.mongodb.com/docs/upcoming/reference/versioning/#std-label-release-version-numbers
3 https://www.mongodb.com/support-policy/lifecycles
4 https://docs.mongodb.com/master/release-notes/
5 https://github.com/mongodb/mongo
6 https://docs.mongodb.com/manual/administration/security-checklist/

List Of Product
No, Name, Latest Version, Release date, Initial release, Normal Support, Security Support / Service Pack Support, Extended for a fee, Critical, High, Medium, Low
11 MongoDB 7.0 7.0.21 April 29, 2025 Aug. 15, 2023 0 4 7 0
12 MongoDB 6.0 6.0.24 April 29, 2025 July 4, 2022 July 31, 2025 0 3 4 0
13 MongoDB 5.3 5.3.2 June 23, 2022 March 23, 2022 June 30, 2022 0 0 0 0
14 MongoDB 5.2 5.2.1 Feb. 24, 2022 Jan. 19, 2022 April 30, 2022 0 0 0 0
15 MongoDB 5.1 5.1.1 Nov. 9, 2021 Nov. 9, 2021 June 30, 2025 0 0 0 0
16 MongoDB 5.0 5.0.31 Jan. 28, 2025 July 13, 2021 Oct. 31, 2024 0 5 4 0
17 MongoDB 4.4 4.4.4 Jan. 4, 2021 July 1, 2020 April 30, 2024 0 4 5 0
18 MongoDB 4.2 4.2.8 June 15, 2020 Aug. 1, 2019 April 30, 2023 0 4 8 0
19 MongoDB 4.0 4.0.28 Jan. 31, 2022 June 1, 2018 April 30, 2022 0 4 15 0
20 MongoDB 3.6 3.6.22 Feb. 8, 2021 Nov. 1, 2017 April 30, 2021 0 4 12 0
21 MongoDB 3.4 3.4.24 Jan. 27, 2020 Nov. 1, 2016 Jan. 31, 2020 1 4 2 0
22 MongoDB 3.2 3.2.22 Dec. 28, 2018 Oct. 1, 2015 Oct. 30, 2018 0 1 1 0
23 MongoDB 4.9 4.9.0 Jan. 1, 2000 0 0 0 0
24 MongoDB 4.8 4.8.0 Jan. 1, 2000 0 0 0 0
25 MongoDB 4.7 4.7.0 Jan. 1, 2000 0 0 0 0
26 MongoDB 4.5 4.5.1 Jan. 1, 2000 0 0 1 0
27 MongoDB 4.3 4.3.3 Jan. 1, 2000 0 3 7 0
28 MongoDB 3.4 3.4.9 Jan. 1, 2000 1 6 16 0
29 MongoDB 3.3 3.3.9 Jan. 1, 2000 0 1 1 0
30 MongoDB 3.2 3.2.9 Jan. 1, 2000 0 1 1 0
31 MongoDB 3.0 3.0.9 Jan. 1, 2000 0 2 1 0
32 MongoDB 2.6 2.6.9 Jan. 1, 2000 0 2 3 0
33 MongoDB 2.5 2.5.1 Jan. 1, 2000 0 1 3 0
34 MongoDB 2.4 2.4.9 Jan. 1, 2000 0 2 5 0
35 MongoDB 2.3 2.3.1 Jan. 1, 2000 0 1 4 0
36 MongoDB 2.2 2.2.7 Jan. 1, 2000 0 1 5 0
37 MongoDB 2.0 2.0.8 Jan. 1, 2000 0 1 5 0
38 MongoDB 1.8 1.8.0 Jan. 1, 2000 0 0 5 0
39 MongoDB 1.7 1.7.0 Jan. 1, 2000 0 1 5 0
40 MongoDB 1.6 1.6.0 Jan. 1, 2000 0 0 5 0
41 MongoDB 1.4 1.4.0 Jan. 1, 2000 0 0 5 0
42 MongoDB 1.2 1.2.0 Jan. 1, 2000 0 0 5 0
43 MongoDB 0.8 0.8.0 Jan. 1, 2000 0 0 5 0
44 MongoDB 0.7 0.7.0 Jan. 1, 2000 0 0 6 0
45 MongoDB 0.6 0.6.9 Jan. 1, 2000 0 0 6 0
46 MongoDB 0.5 0.5.0 Jan. 1, 2000 0 0 6 0
47 MongoDB 0.4 0.4.2 Jan. 1, 2000 0 0 6 0
48 MongoDB 0.3 0.3.0 Jan. 1, 2000 0 0 6 0
49 MongoDB 0.2 0.2.1 Jan. 1, 2000 0 0 6 0
50 MongoDB 0.1 0.1.1 Jan. 1, 2000 0 0 6 0
51 MongoDB 0.0 0.0.1 Jan. 1, 2000 0 0 6 0
NVD Vulnerability Information
No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri, or higher, or less, more than, less than, Update date, Published date
No: 11
CVSS3: 6.7
CVSS2: -
Level: MEDIUM
Attack Vector: Local
Title: In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for an unintended actor with host-level access to cau…
CWE: CWE-610 Externally Controlled Reference to a Resource in Another Sphere
CVE: CVE-2024-8207
cpe23Uri: cpe:2.3:a:mongodb:mongodb:*:*
or higher: 5.0.0, 6.0.0, 6.1.0
less than: 5.0.14, 6.0.3, 6.1.1
Update date: 2024-08-30 22:07
Published date: 2024-08-27

No: 12
CVSS3: 5.3
CVSS2: -
Level: MEDIUM
Attack Vector: Network
Title: "Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier. This issue affects MongoDB Enterprise Server v6.0 versions prior to 6.0.16,…
CWE: NVD-CWE-noinfo
CVE: CVE-2024-6384
cpe23Uri: cpe:2.3:a:mongodb:mongodb:*:*
or higher: 6.0.0, 7.0.0, 7.3.0
less than: 6.0.16, 7.0.11, 7.3.3
Update date: 2024-11-21 18:49
Published date: 2024-08-14

No: 13
CVSS3: 7.8
CVSS2: -
Level: HIGH
Attack Vector: Local
Title: Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating system is Windows. This may result in the application executing…
CWE: NVD-CWE-noinfo
CVE: CVE-2024-7553
cpe23Uri: cpe:2.3:a:mongodb:mongodb:*:*
or higher: 6.0.0, 7.0.0, 7.3.0, 5.0.0
less than: 6.0.16, 7.0.12, 7.3.3, 5.0.27
Update date: 2024-09-20 05:46
Published date: 2024-08-7

No: 14
CVSS3: 6.5
CVSS2: -
Level: MEDIUM
Attack Vector: Network
Title: A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading to either degradation of query performance, or to revea…
CWE: CWE-862 Missing Authorization
CVE: CVE-2024-6375
cpe23Uri: cpe:2.3:a:mongodb:mongodb:*:*
or higher: 7.0.0, 6.0.0, 5.0.0
less than: 7.0.3, 6.0.11, 5.0.22
Update date: 2024-11-21 18:49
Published date: 2024-07-2

No: 15
CVSS3: 7.5
CVSS2: -
Level: HIGH
Attack Vector: Network
Title: If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms (e.g. Linux), it is …
CWE: CWE-295 Improper Certificate Validation
CVE: CVE-2023-1409
cpe23Uri: cpe:2.3:a:mongodb:mongodb:*:*
or higher: 4.4.0, 5.0.0, 6.0.0, 6.3.0
or less: -, 5.0.14, -, 6.3.2
less than: 4.4.23, -, 6.0.7, -
Update date: 2024-11-21 16:39
Published date: 2023-08-24

No: 16
CVSS3: 6.5
CVSS2: 4.0
Level: MEDIUM
Attack Vector: Network
Title: An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database. This may result in mongod denial of service or server crash. Th…
CWE: CWE-617 Reachable Assertion
CVE: CVE-2022-24272
cpe23Uri: cpe:2.3:a:mongodb:mongodb:*:*
Versions: 5.0.0 5.0.6
Update date: 2024-11-21 15:50
Published date: 2022-04-21

No: 17
CVSS3: 7.5
CVSS2: 5.0
Level: HIGH
Attack Vector: Network
Title: It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. If a…
CWE: CWE-787 Out-of-bounds Write
CVE: CVE-2021-32040
cpe23Uri: cpe:2.3:a:mongodb:mongodb:*:*
or higher: 5.0.0, 4.4.0, 4.2.0
less than: 5.0.4, 4.4.11, 4.2.16
Update date: 2024-11-21 15:06
Published date: 2022-04-13

No: 18
CVSS3: 7.1
CVSS2: 5.5
Level: HIGH
Attack Vector: Network
Title: An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention.…
CWE: CWE-770 Allocation of Resources Without Limits or Throttling
CVE: CVE-2021-32036
cpe23Uri: cpe:2.3:a:mongodb:mongodb:*:*
or higher: 5.0.0, 4.4.0, 2.0.0
less than: 5.0.4, 4.4.10, 4.2.18
Update date: 2024-11-21 15:06
Published date: 2022-02-5

No: 19
CVSS3: 5.5
CVSS2: 2.1
Level: MEDIUM
Attack Vector: Local
Title: Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious attackers to …
CWE: CWE-522 Insufficiently Protected Credentials
CVE: CVE-2021-32039
cpe23Uri: cpe:2.3:a:mongodb:mongodb:*:*
Versions: 0.7.0
Update date: 2024-11-21 15:06
Published date: 2022-01-21

No: 20
CVSS3: 6.5
CVSS2: 4.0
Level: MEDIUM
Attack Vector: Network
Title: An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This…
CWE: CWE-20 Improper Input Validation
CVE: CVE-2021-20330
cpe23Uri: cpe:2.3:a:mongodb:mongodb:*:*
or higher: 4.4.0, 4.0.0, 4.2.0
less than: 4.4.6, 4.0.25, 4.2.14
Update date: 2024-11-21 14:46
Published date: 2021-12-15