Software Detail
MongoDB Community Server
Number Of NVD 55 CRITICAL 1 HIGH 15 MEDIUM 39 LOW 0
URL https://www.mongodb.com/
Explanation MongoDB is an open source software document-oriented database. It is developed and supported by MongoDB Inc.

The above text is excerpted from [https://ja.wikipedia.org/wiki/MongoDB].

Unlike an RDB, it is a Key:Value type database, like JSON.
Because data can be registered in a flexible format, it is effective when the data format cannot be decided at the outset.
For systems that do not require transaction processing, it allows for fast data manipulation.
You can build a better system by using an RDB and MongoDB for different purposes.

“Major Release” means a version of the MongoDB Server identified by a change in the number to the left of the first decimal point (X.x.x).


“Rapid Release” means a version of the MongoDB Server identified by a change in the middle number in between the two decimal points (x.X.x).

"Patch Release" means a version of the MongoDB Server identified by a change in the number to the right of the second decimal point (x.x.X).
Tag
  • SSPL
  • Commercial license available
  • Open source

Add Information URL
No Type Name URL
1 https://www.mongodb.com/support-policy
2 https://www.mongodb.com/docs/upcoming/reference/versioning/#std-label-release-version-numbers
3 https://www.mongodb.com/support-policy/lifecycles
4 https://docs.mongodb.com/master/release-notes/
5 https://github.com/mongodb/mongo
6 https://docs.mongodb.com/manual/administration/security-checklist/

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support / Service Pack Support Extended (for a fee) Critical High Medium Low
41 MongoDB 7.0 7.0.21 April 29, 2025 Aug. 15, 2023 0 4 7 0
42 MongoDB 6.0 6.0.24 April 29, 2025 July 4, 2022 July 31, 2025 0 3 4 0
43 MongoDB 5.3 5.3.2 June 23, 2022 March 23, 2022 June 30, 2022 0 0 0 0
44 MongoDB 5.2 5.2.1 Feb. 24, 2022 Jan. 19, 2022 April 30, 2022 0 0 0 0
45 MongoDB 5.1 5.1.1 Nov. 9, 2021 Nov. 9, 2021 June 30, 2025 0 0 0 0
46 MongoDB 5.0 5.0.31 Jan. 28, 2025 July 13, 2021 Oct. 31, 2024 0 5 4 0
47 MongoDB 4.4 4.4.4 Jan. 4, 2021 July 1, 2020 April 30, 2024 0 4 5 0
48 MongoDB 4.2 4.2.8 June 15, 2020 Aug. 1, 2019 April 30, 2023 0 4 8 0
49 MongoDB 4.0 4.0.28 Jan. 31, 2022 June 1, 2018 April 30, 2022 0 4 15 0
50 MongoDB 3.6 3.6.22 Feb. 8, 2021 Nov. 1, 2017 April 30, 2021 0 4 12 0
51 MongoDB 3.4 3.4.24 Jan. 27, 2020 Nov. 1, 2016 Jan. 31, 2020 1 4 2 0
52 MongoDB 3.2 3.2.22 Dec. 28, 2018 Oct. 1, 2015 Oct. 30, 2018 0 1 1 0
53 MongoDB 4.9 4.9.0 Jan. 1, 2000 0 0 0 0
54 MongoDB 4.8 4.8.0 Jan. 1, 2000 0 0 0 0
55 MongoDB 4.7 4.7.0 Jan. 1, 2000 0 0 0 0
56 MongoDB 4.5 4.5.1 Jan. 1, 2000 0 0 1 0
57 MongoDB 4.3 4.3.3 Jan. 1, 2000 0 3 7 0
58 MongoDB 3.4 3.4.9 Jan. 1, 2000 1 6 16 0
59 MongoDB 3.3 3.3.9 Jan. 1, 2000 0 1 1 0
60 MongoDB 3.2 3.2.9 Jan. 1, 2000 0 1 1 0
61 MongoDB 3.0 3.0.9 Jan. 1, 2000 0 2 1 0
62 MongoDB 2.6 2.6.9 Jan. 1, 2000 0 2 3 0
63 MongoDB 2.5 2.5.1 Jan. 1, 2000 0 1 3 0
64 MongoDB 2.4 2.4.9 Jan. 1, 2000 0 2 5 0
65 MongoDB 2.3 2.3.1 Jan. 1, 2000 0 1 4 0
66 MongoDB 2.2 2.2.7 Jan. 1, 2000 0 1 5 0
67 MongoDB 2.0 2.0.8 Jan. 1, 2000 0 1 5 0
68 MongoDB 1.8 1.8.0 Jan. 1, 2000 0 0 5 0
69 MongoDB 1.7 1.7.0 Jan. 1, 2000 0 1 5 0
70 MongoDB 1.6 1.6.0 Jan. 1, 2000 0 0 5 0
71 MongoDB 1.4 1.4.0 Jan. 1, 2000 0 0 5 0
72 MongoDB 1.2 1.2.0 Jan. 1, 2000 0 0 5 0
73 MongoDB 0.8 0.8.0 Jan. 1, 2000 0 0 5 0
74 MongoDB 0.7 0.7.0 Jan. 1, 2000 0 0 6 0
75 MongoDB 0.6 0.6.9 Jan. 1, 2000 0 0 6 0
76 MongoDB 0.5 0.5.0 Jan. 1, 2000 0 0 6 0
77 MongoDB 0.4 0.4.2 Jan. 1, 2000 0 0 6 0
78 MongoDB 0.3 0.3.0 Jan. 1, 2000 0 0 6 0
79 MongoDB 0.2 0.2.1 Jan. 1, 2000 0 0 6 0
80 MongoDB 0.1 0.1.1 Jan. 1, 2000 0 0 6 0
81 MongoDB 0.0 0.0.1 Jan. 1, 2000 0 0 6 0
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri or higher or less more than less than Update date Published date
41 4.2 1.9 MEDIUM Local Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the Mo… CWE-20 Improper Input Validation CVE-2019-2389 cpe:2.3:a:mongodb:mongodb:*:* 3.4.0, 3.6.0, 4.0.0 3.4.22, 3.6.14, 4.0.11 2024-11-21 13:40 2019-08-31
42 7.1 6.0 HIGH Network After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts r… CWE-613 Insufficient Session Expiration CVE-2019-2386 cpe:2.3:a:mongodb:mongodb:*:* 4.0.0, 3.6.0, 3.4.0 4.0.9, 3.6.13, 3.4.22 2024-11-21 13:40 2019-08-7
43 8.1 6.8 HIGH Network Improper handling of LDAP authentication in MongoDB Server versions 3.0.0 to 3.0.6 allows an unauthenticated client to gain unauthorized access. CWE-287 Improper Authentication CVE-2015-7882 cpe:2.3:a:mongodb:mongodb:*:* 3.0.0 3.0.6 2024-11-21 11:37 2019-07-20
44 7.0 1.9 HIGH Local The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring.conf file which is owned by root but read by local user. An… CWE-522 Insufficiently Protected Credentials CVE-2017-2665 cpe:2.3:a:mongodb:mongodb:-:* 2024-11-21 12:23 2018-07-6
45 9.1 6.4 CRITICAL Network MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enab… NVD-CWE-noinfo CVE-2017-15535 cpe:2.3:a:mongodb:mongodb:*:* 3.4.0 3.4.10 2024-11-21 12:14 2017-11-1
46 7.5 5.0 HIGH Network In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based b… CWE-125 Out-of-bounds Read CVE-2017-14227 cpe:2.3:a:mongodb:mongodb:1.7.0:* 2024-11-21 12:12 2017-09-9
47 7.5 5.0 HIGH Network mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representa… CWE-400 Uncontrolled Resource Consumption CVE-2016-3104 cpe:2.3:a:mongodb:mongodb:2.6.0:*, cpe:2.3:a:mongodb:mongodb:2.4.0:* 2024-11-21 11:49 2017-04-15
48 5.5 2.1 MEDIUM Local The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files. CWE-200 Information Exposure CVE-2016-6494 cpe:2.3:a:mongodb:mongodb:*:* 3.2, 3.3 3.2.14, 3.3.14, 3.0.15 2024-11-21 11:56 2016-10-4
49 - 5.0 MEDIUM MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request. CWE-20 Improper Input Validation CVE-2015-1609 cpe:2.3:a:mongodb:mongodb:2.6.7:*, cpe:2.3:a:mongodb:mongodb:2.6.6:*, cpe:2.3:a:mongodb:mongodb:2.6.5:*, cpe:2.3:… 2.4.12 2024-11-21 11:25 2015-03-30
50 - 5.0 MEDIUM The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) … CWE-20 Improper Input Validation CVE-2014-3971 cpe:2.3:a:mongodb:mongodb:2.6.1:*, cpe:2.3:a:mongodb:mongodb:2.6.0:* 2024-11-21 11:09 2014-12-25