| MongoDB Comunity Server | Number Of NVD | 55 | CRITICAL | 1 | HIGH | 15 | MEDIUM | 39 | LOW | 0 |
| URL | https://www.mongodb.com/ | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Explanation | MongoDB is an open source software document-oriented database. It is developed and supported by MongoDB Inc. The above text is excerpted from [https://ja.wikipedia.org/wiki/MongoDB]. Unlike RDB, it is a Key:Value type database like Json. Since it can be registered in a flexible data format, it is effective when the data format cannot be decided at the beginning. For systems that do not require transaction processing, it allows for fast data manipulation. You can build a better system by using RDB and MongoDB in different ways. “Major Release” means a version of the MongoDB Server identified by a change in the number to the left of the first decimal point (X.x.x). “Rapid Release” means a version of the MongoDB Server identified by a change in the middle number in between the two decimal points (x.X.x). "Patch Release" means a version of the MongoDB Server identified by a change in the number to the right of the second decimal point (x.x.X). |
||||||||
| Tag | |||||||||
| No | Type | Name | URL |
|---|---|---|---|
| 1 | https://www.mongodb.com/support-policy | ||
| 2 | https://www.mongodb.com/docs/upcoming/reference/versioning/#std-label-release-version-numbers | ||
| 3 | https://www.mongodb.com/support-policy/lifecycles | ||
| 4 | https://docs.mongodb.com/master/release-notes/ | ||
| 5 | https://github.com/mongodb/mongo | ||
| 6 | https://docs.mongodb.com/manual/administration/security-checklist/ |
| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support Service Pack Support |
Extended for a fee |
Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 51 | MongoDB 7.0 | 7.0.21 | April 29, 2025 | Aug. 15, 2023 | 0 | 4 | 7 | 0 | |||
| 52 | MongoDB 6.0 | 6.0.24 | April 29, 2025 | July 4, 2022 | July 31, 2025 | 0 | 3 | 4 | 0 | ||
| 53 | MongoDB 5.3 | 5.3.2 | June 23, 2022 | March 23, 2022 | June 30, 2022 | 0 | 0 | 0 | 0 | ||
| 54 | MongoDB 5.2 | 5.2.1 | Feb. 24, 2022 | Jan. 19, 2022 | April 30, 2022 | 0 | 0 | 0 | 0 | ||
| 55 | MongoDB 5.1 | 5.1.1 | Nov. 9, 2021 | Nov. 9, 2021 | June 30, 2025 | 0 | 0 | 0 | 0 | ||
| 56 | MongoDB 5.0 | 5.0.31 | Jan. 28, 2025 | July 13, 2021 | Oct. 31, 2024 | 0 | 5 | 4 | 0 | ||
| 57 | MongoDB 4.4 | 4.4.4 | Jan. 4, 2021 | July 1, 2020 | April 30, 2024 | 0 | 4 | 5 | 0 | ||
| 58 | MongoDB 4.2 | 4.2.8 | June 15, 2020 | Aug. 1, 2019 | April 30, 2023 | 0 | 4 | 8 | 0 | ||
| 59 | MongoDB 4.0 | 4.0.28 | Jan. 31, 2022 | June 1, 2018 | April 30, 2022 | 0 | 4 | 15 | 0 | ||
| 60 | MongoDB 3.6 | 3.6.22 | Feb. 8, 2021 | Nov. 1, 2017 | April 30, 2021 | 0 | 4 | 12 | 0 | ||
| 61 | MongoDB 3.4 | 3.4.24 | Jan. 27, 2020 | Nov. 1, 2016 | Jan. 31, 2020 | 1 | 4 | 2 | 0 | ||
| 62 | MongoDB 3.2 | 3.2.22 | Dec. 28, 2018 | Oct. 1, 2015 | Oct. 30, 2018 | 0 | 1 | 1 | 0 | ||
| 63 | MongoDB 4.9 | 4.9.0 | Jan. 1, 2000 | 0 | 0 | 0 | 0 | ||||
| 64 | MongoDB 4.8 | 4.8.0 | Jan. 1, 2000 | 0 | 0 | 0 | 0 | ||||
| 65 | MongoDB 4.7 | 4.7.0 | Jan. 1, 2000 | 0 | 0 | 0 | 0 | ||||
| 66 | MongoDB 4.5 | 4.5.1 | Jan. 1, 2000 | 0 | 0 | 1 | 0 | ||||
| 67 | MongoDB 4.3 | 4.3.3 | Jan. 1, 2000 | 0 | 3 | 7 | 0 | ||||
| 68 | MongoDB 3.4 | 3.4.9 | Jan. 1, 2000 | 1 | 6 | 16 | 0 | ||||
| 69 | MongoDB 3.3 | 3.3.9 | Jan. 1, 2000 | 0 | 1 | 1 | 0 | ||||
| 70 | MongoDB 3.2 | 3.2.9 | Jan. 1, 2000 | 0 | 1 | 1 | 0 | ||||
| 71 | MongoDB 3.0 | 3.0.9 | Jan. 1, 2000 | 0 | 2 | 1 | 0 | ||||
| 72 | MongoDB 2.6 | 2.6.9 | Jan. 1, 2000 | 0 | 2 | 3 | 0 | ||||
| 73 | MongoDB 2.5 | 2.5.1 | Jan. 1, 2000 | 0 | 1 | 3 | 0 | ||||
| 74 | MongoDB 2.4 | 2.4.9 | Jan. 1, 2000 | 0 | 2 | 5 | 0 | ||||
| 75 | MongoDB 2.3 | 2.3.1 | Jan. 1, 2000 | 0 | 1 | 4 | 0 | ||||
| 76 | MongoDB 2.2 | 2.2.7 | Jan. 1, 2000 | 0 | 1 | 5 | 0 | ||||
| 77 | MongoDB 2.0 | 2.0.8 | Jan. 1, 2000 | 0 | 1 | 5 | 0 | ||||
| 78 | MongoDB 1.8 | 1.8.0 | Jan. 1, 2000 | 0 | 0 | 5 | 0 | ||||
| 79 | MongoDB 1.7 | 1.7.0 | Jan. 1, 2000 | 0 | 1 | 5 | 0 | ||||
| 80 | MongoDB 1.6 | 1.6.0 | Jan. 1, 2000 | 0 | 0 | 5 | 0 | ||||
| 81 | MongoDB 1.4 | 1.4.0 | Jan. 1, 2000 | 0 | 0 | 5 | 0 | ||||
| 82 | MongoDB 1.2 | 1.2.0 | Jan. 1, 2000 | 0 | 0 | 5 | 0 | ||||
| 83 | MongoDB 0.8 | 0.8.0 | Jan. 1, 2000 | 0 | 0 | 5 | 0 | ||||
| 84 | MongoDB 0.7 | 0.7.0 | Jan. 1, 2000 | 0 | 0 | 6 | 0 | ||||
| 85 | MongoDB 0.6 | 0.6.9 | Jan. 1, 2000 | 0 | 0 | 6 | 0 | ||||
| 86 | MongoDB 0.5 | 0.5.0 | Jan. 1, 2000 | 0 | 0 | 6 | 0 | ||||
| 87 | MongoDB 0.4 | 0.4.2 | Jan. 1, 2000 | 0 | 0 | 6 | 0 | ||||
| 88 | MongoDB 0.3 | 0.3.0 | Jan. 1, 2000 | 0 | 0 | 6 | 0 | ||||
| 89 | MongoDB 0.2 | 0.2.1 | Jan. 1, 2000 | 0 | 0 | 6 | 0 | ||||
| 90 | MongoDB 0.1 | 0.1.1 | Jan. 1, 2000 | 0 | 0 | 6 | 0 | ||||
| 91 | MongoDB 0.0 | 0.0.1 | Jan. 1, 2000 | 0 | 0 | 6 | 0 |
| No | CVSS3 CVSS2 |
Level Attach Vector |
Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date Published date |
Show Affected | Exploit PoC Search |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 51 |
- 6.4 |
MEDIUM | The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON obj… |
CWE-20
Improper Input Validation |
CVE-2012-6619 |
cpe:2.3:a:mongodb:mongodb:2.3.0:* cpe:2.3:a:mongodb:mongodb:2.2.7:* cpe:2.3:a:mongodb:mongodb:2.2.6:* cpe:2.3:… |
2.3.1 |
2024-11-21 10:46 2014-03-7 |
Show | GitHub Exploit DB Packet Storm | |||
| 52 |
- 6.5 |
MEDIUM | The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through 2.4.4 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and server crash) or possi… |
CWE-399
Resource Management Errors |
CVE-2013-3969 |
cpe:2.3:a:mongodb:mongodb:2.4.4:* cpe:2.3:a:mongodb:mongodb:2.4.3:* cpe:2.3:a:mongodb:mongodb:2.4.2:* cpe:2.3:… |
2024-11-21 10:54 2013-10-2 |
Show | GitHub Exploit DB Packet Storm | ||||
| 53 |
- 6.0 |
MEDIUM | MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (inv… |
CWE-20
Improper Input Validation |
CVE-2013-1892 |
cpe:2.3:a:mongodb:mongodb:2.2.3:* cpe:2.3:a:mongodb:mongodb:2.2.2:* cpe:2.3:a:mongodb:mongodb:2.2.1:* cpe:2.3:… |
2.0.8 |
2024-11-21 10:50 2013-10-2 |
Show | GitHub Exploit DB Packet Storm | |||
| 54 |
- 4.3 |
MEDIUM | bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) vi… |
NVD-CWE-Other
|
CVE-2013-2132 |
cpe:2.3:a:mongodb:mongodb:2.5.0:* cpe:2.3:a:mongodb:mongodb:2.4.5:* cpe:2.3:a:mongodb:mongodb:2.4.4:* cpe:2.3:… |
2.5.1 |
2024-11-21 10:51 2013-08-16 |
Show | GitHub Exploit DB Packet Storm | |||
| 55 |
- 6.5 |
MEDIUM | MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authenticated users to obtain internal system privileges by leveraging a username of __system in an arbitrary database. |
CWE-264
Permissions, Privileges, and Access Controls |
CVE-2013-4650 |
cpe:2.3:a:mongodb:mongodb:2.5.0:* cpe:2.3:a:mongodb:mongodb:2.4.4:* cpe:2.3:a:mongodb:mongodb:2.4.3:* cpe:2.3:… |
2024-11-21 10:55 2013-07-4 |
Show | GitHub Exploit DB Packet Storm |