Software Detail

Software Informaton Top

Database

Software Detail

MongoDB Comunity Server

Number Of NVD

CRITICAL

HIGH

MEDIUM

LOW

URL	https://www.mongodb.com/
Explanation	MongoDB is an open source software document-oriented database. It is developed and supported by MongoDB Inc. The above text is excerpted from [https://ja.wikipedia.org/wiki/MongoDB]. Unlike RDB, it is a Key:Value type database like Json. Since it can be registered in a flexible data format, it is effective when the data format cannot be decided at the beginning. For systems that do not require transaction processing, it allows for fast data manipulation. You can build a better system by using RDB and MongoDB in different ways. “Major Release” means a version of the MongoDB Server identified by a change in the number to the left of the first decimal point (X.x.x). “Rapid Release” means a version of the MongoDB Server identified by a change in the middle number in between the two decimal points (x.X.x). "Patch Release" means a version of the MongoDB Server identified by a change in the number to the right of the second decimal point (x.x.X).
Tag	SSPL 商用ライセンス有りオープンソース

Add Information URL

No	Type	Name	URL
1			https://www.mongodb.com/support-policy
2			https://www.mongodb.com/docs/upcoming/reference/versioning/#std-label-release-version-numbers
3			https://www.mongodb.com/support-policy/lifecycles
4			https://docs.mongodb.com/master/release-notes/
5			https://github.com/mongodb/mongo
6			https://docs.mongodb.com/manual/administration/security-checklist/

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Normal Support	Critical	High	Medium
21	MongoDB 7.0	7.0.21	April 29, 2025	Aug. 15, 2023		0	4	7
22	MongoDB 6.0	6.0.24	April 29, 2025	July 4, 2022	July 31, 2025	0	3	4
23	MongoDB 5.3	5.3.2	June 23, 2022	March 23, 2022	June 30, 2022	0	0	0
24	MongoDB 5.2	5.2.1	Feb. 24, 2022	Jan. 19, 2022	April 30, 2022	0	0	0
25	MongoDB 5.1	5.1.1	Nov. 9, 2021	Nov. 9, 2021	June 30, 2025	0	0	0
26	MongoDB 5.0	5.0.31	Jan. 28, 2025	July 13, 2021	Oct. 31, 2024	0	5	4
27	MongoDB 4.4	4.4.4	Jan. 4, 2021	July 1, 2020	April 30, 2024	0	4	5
28	MongoDB 4.2	4.2.8	June 15, 2020	Aug. 1, 2019	April 30, 2023	0	4	8
29	MongoDB 4.0	4.0.28	Jan. 31, 2022	June 1, 2018	April 30, 2022	0	4	15
30	MongoDB 3.6	3.6.22	Feb. 8, 2021	Nov. 1, 2017	April 30, 2021	0	4	12
31	MongoDB 3.4	3.4.24	Jan. 27, 2020	Nov. 1, 2016	Jan. 31, 2020	1	4	2
32	MongoDB 3.2	3.2.22	Dec. 28, 2018	Oct. 1, 2015	Oct. 30, 2018	0	1	1
33	MongoDB 4.9	4.9.0			Jan. 1, 2000	0	0	0
34	MongoDB 4.8	4.8.0			Jan. 1, 2000	0	0	0
35	MongoDB 4.7	4.7.0			Jan. 1, 2000	0	0	0
36	MongoDB 4.5	4.5.1			Jan. 1, 2000	0	0	1
37	MongoDB 4.3	4.3.3			Jan. 1, 2000	0	3	7
38	MongoDB 3.4	3.4.9			Jan. 1, 2000	1	6	16
39	MongoDB 3.3	3.3.9			Jan. 1, 2000	0	1	1
40	MongoDB 3.2	3.2.9			Jan. 1, 2000	0	1	1
41	MongoDB 3.0	3.0.9			Jan. 1, 2000	0	2	1
42	MongoDB 2.6	2.6.9			Jan. 1, 2000	0	2	3
43	MongoDB 2.5	2.5.1			Jan. 1, 2000	0	1	3
44	MongoDB 2.4	2.4.9			Jan. 1, 2000	0	2	5
45	MongoDB 2.3	2.3.1			Jan. 1, 2000	0	1	4
46	MongoDB 2.2	2.2.7			Jan. 1, 2000	0	1	5
47	MongoDB 2.0	2.0.8			Jan. 1, 2000	0	1	5
48	MongoDB 1.8	1.8.0			Jan. 1, 2000	0	0	5
49	MongoDB 1.7	1.7.0			Jan. 1, 2000	0	1	5
50	MongoDB 1.6	1.6.0			Jan. 1, 2000	0	0	5
51	MongoDB 1.4	1.4.0			Jan. 1, 2000	0	0	5
52	MongoDB 1.2	1.2.0			Jan. 1, 2000	0	0	5
53	MongoDB 0.8	0.8.0			Jan. 1, 2000	0	0	5
54	MongoDB 0.7	0.7.0			Jan. 1, 2000	0	0	6
55	MongoDB 0.6	0.6.9			Jan. 1, 2000	0	0	6
56	MongoDB 0.5	0.5.0			Jan. 1, 2000	0	0	6
57	MongoDB 0.4	0.4.2			Jan. 1, 2000	0	0	6
58	MongoDB 0.3	0.3.0			Jan. 1, 2000	0	0	6
59	MongoDB 0.2	0.2.1			Jan. 1, 2000	0	0	6
60	MongoDB 0.1	0.1.1			Jan. 1, 2000	0	0	6
61	MongoDB 0.0	0.0.1			Jan. 1, 2000	0	0	6

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
21	6.5 4.0	MEDIUM Network	An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Usually, the requests are sent via mongos and sp…	CWE-617 Reachable Assertion	CVE-2021-32037	cpe:2.3:a:mongodb:mongodb::	5.0.0	5.0.2		2024-11-21 15:06 2021-11-25	Show	GitHub Exploit DB Packet Storm

22	5.3 5.0	MEDIUM Network	Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or for log entries to be split. This issue affects MongoDB Server v3.6 versions prior to 3.…	CWE-116 Improper Encoding or Escaping of Output	CVE-2021-20333	cpe:2.3:a:mongodb:mongodb::	3.6.0 4.0.0 4.2.0		3.6.20 4.0.21 4.2.10	2024-11-21 14:46 2021-07-23	Show	GitHub Exploit DB Packet Storm

23	6.5 4.0	MEDIUM Network	A user authorized to performing a specific type of find query may trigger a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.4.	CWE-732 Incorrect Permission Assignment for Critical Resource	CVE-2021-20326	cpe:2.3:a:mongodb:mongodb::	4.4.0		4.4.4	2024-11-21 14:46 2021-04-30	Show	GitHub Exploit DB Packet Storm

24	4.9 4.0	MEDIUM Network	A user authorized to performing a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects MongoDB Server v4.0 versions prior to…	CWE-20 Improper Input Validation	CVE-2018-25004	cpe:2.3:a:mongodb:mongodb::	4.0.0 3.6.0		4.0.6 3.6.11	2024-11-21 13:03 2021-03-2	Show	GitHub Exploit DB Packet Storm

25	6.5 4.0	MEDIUM Network	A user authorized to perform database queries may trigger denial of service by issuing specially crafted query contain a type of regex. This issue affects MongoDB Server v3.6 versions prior to 3.6.21…	NVD-CWE-Other	CVE-2020-7929	cpe:2.3:a:mongodb:mongodb::	4.0.0 3.6.0		4.0.20 3.6.21	2024-11-21 14:38 2021-03-2	Show	GitHub Exploit DB Packet Storm

26	7.5 5.0	HIGH Network	An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects Mo…	CWE-697 Incorrect Comparison	CVE-2019-20925	cpe:2.3:a:mongodb:mongodb::	3.6.0 4.0.0 4.2.0 3.4.0		3.6.15 4.0.13 4.2.1 3.4.24	2024-11-21 13:39 2020-11-24	Show	GitHub Exploit DB Packet Storm

27	6.5 4.0	MEDIUM Network	A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which loop indefinitely in mathematics processing while retaining locks. This issue a…	CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')	CVE-2018-20803	cpe:2.3:a:mongodb:mongodb::	3.4.0 3.6.0 4.0.0		3.4.19 3.6.10 4.0.5	2024-11-21 13:02 2020-11-24	Show	GitHub Exploit DB Packet Storm

28	6.5 4.0	MEDIUM Network	A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries. This issue affects MongoDB Server v4.4 versions prior to 4.4…	NVD-CWE-Other	CVE-2020-7928	cpe:2.3:a:mongodb:mongodb::	3.6.0 4.0.0 4.2.0 4.4.0 4.5.0		3.6.20 4.0.20 4.2.9 4.4.1 4.5.1	2024-11-21 14:38 2020-11-24	Show	GitHub Exploit DB Packet Storm

29	6.5 4.0	MEDIUM Network	A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use $lookup and collations. This issue affects MongoDB Server v4.2 versions pri…	CWE-416 Use After Free	CVE-2019-2393	cpe:2.3:a:mongodb:mongodb::	3.6.0 4.0.0 4.2.0		3.6.15 4.0.13 4.2.1	2024-11-21 13:40 2020-11-24	Show	GitHub Exploit DB Packet Storm

30	6.5 4.0	MEDIUM Network	A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use the $mod operator to overflow negative values. This issue affects: MongoDB …	CWE-190 Integer Overflow or Wraparound	CVE-2019-2392	cpe:2.3:a:mongodb:mongodb::	3.6.0 4.0.0 4.2.0 4.4.0		3.6.20 4.0.20 4.2.9 4.4.1	2024-11-21 13:40 2020-11-24	Show	GitHub Exploit DB Packet Storm