VYPR

Mongoose

by Mongoosejs

npm: mongoose

CVEs (4)

  • CVE-2026-42334 | High | May 14, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Prior to 6.13.9, 7.8.9, 8.22.1, and 9.1.6, a vulnerability allows bypassing Mongoose’s sanitizeFilter query sanitization mechanism via the $nor operator. When sanitizeFilter is enabled,…

  • CVE-2018-10945 | High | Jun 19, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function.

  • CVE-2009-1354 | Apr 21, 2009
    risk 0.03 | cvss | epss 0.02

    Directory traversal vulnerability in Mongoose 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.

  • CVE-2009-4530 | Dec 31, 2009
    risk 0.00 | cvss | epss 0.01

    Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending ::$DATA to the URI.