Software Detail

Software Informaton Top

Database

Software Detail

MongoDB Comunity Server

Number Of NVD

CRITICAL

HIGH

MEDIUM

LOW

URL	https://www.mongodb.com/
Explanation	MongoDB is an open source software document-oriented database. It is developed and supported by MongoDB Inc. The above text is excerpted from [https://ja.wikipedia.org/wiki/MongoDB]. Unlike RDB, it is a Key:Value type database like Json. Since it can be registered in a flexible data format, it is effective when the data format cannot be decided at the beginning. For systems that do not require transaction processing, it allows for fast data manipulation. You can build a better system by using RDB and MongoDB in different ways. “Major Release” means a version of the MongoDB Server identified by a change in the number to the left of the first decimal point (X.x.x). “Rapid Release” means a version of the MongoDB Server identified by a change in the middle number in between the two decimal points (x.X.x). "Patch Release" means a version of the MongoDB Server identified by a change in the number to the right of the second decimal point (x.x.X).
Tag	商用ライセンス有りオープンソース SSPL

Add Information URL

No	Type	Name	URL
1			https://www.mongodb.com/support-policy
2			https://www.mongodb.com/docs/upcoming/reference/versioning/#std-label-release-version-numbers
3			https://www.mongodb.com/support-policy/lifecycles
4			https://docs.mongodb.com/master/release-notes/
5			https://github.com/mongodb/mongo
6			https://docs.mongodb.com/manual/administration/security-checklist/

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Normal Support	Critical	High	Medium
31	MongoDB 7.0	7.0.21	April 29, 2025	Aug. 15, 2023		0	4	7
32	MongoDB 6.0	6.0.24	April 29, 2025	July 4, 2022	July 31, 2025	0	3	4
33	MongoDB 5.3	5.3.2	June 23, 2022	March 23, 2022	June 30, 2022	0	0	0
34	MongoDB 5.2	5.2.1	Feb. 24, 2022	Jan. 19, 2022	April 30, 2022	0	0	0
35	MongoDB 5.1	5.1.1	Nov. 9, 2021	Nov. 9, 2021	June 30, 2025	0	0	0
36	MongoDB 5.0	5.0.31	Jan. 28, 2025	July 13, 2021	Oct. 31, 2024	0	5	4
37	MongoDB 4.4	4.4.4	Jan. 4, 2021	July 1, 2020	April 30, 2024	0	4	5
38	MongoDB 4.2	4.2.8	June 15, 2020	Aug. 1, 2019	April 30, 2023	0	4	8
39	MongoDB 4.0	4.0.28	Jan. 31, 2022	June 1, 2018	April 30, 2022	0	4	15
40	MongoDB 3.6	3.6.22	Feb. 8, 2021	Nov. 1, 2017	April 30, 2021	0	4	12
41	MongoDB 3.4	3.4.24	Jan. 27, 2020	Nov. 1, 2016	Jan. 31, 2020	1	4	2
42	MongoDB 3.2	3.2.22	Dec. 28, 2018	Oct. 1, 2015	Oct. 30, 2018	0	1	1
43	MongoDB 4.9	4.9.0			Jan. 1, 2000	0	0	0
44	MongoDB 4.8	4.8.0			Jan. 1, 2000	0	0	0
45	MongoDB 4.7	4.7.0			Jan. 1, 2000	0	0	0
46	MongoDB 4.5	4.5.1			Jan. 1, 2000	0	0	1
47	MongoDB 4.3	4.3.3			Jan. 1, 2000	0	3	7
48	MongoDB 3.4	3.4.9			Jan. 1, 2000	1	6	16
49	MongoDB 3.3	3.3.9			Jan. 1, 2000	0	1	1
50	MongoDB 3.2	3.2.9			Jan. 1, 2000	0	1	1
51	MongoDB 3.0	3.0.9			Jan. 1, 2000	0	2	1
52	MongoDB 2.6	2.6.9			Jan. 1, 2000	0	2	3
53	MongoDB 2.5	2.5.1			Jan. 1, 2000	0	1	3
54	MongoDB 2.4	2.4.9			Jan. 1, 2000	0	2	5
55	MongoDB 2.3	2.3.1			Jan. 1, 2000	0	1	4
56	MongoDB 2.2	2.2.7			Jan. 1, 2000	0	1	5
57	MongoDB 2.0	2.0.8			Jan. 1, 2000	0	1	5
58	MongoDB 1.8	1.8.0			Jan. 1, 2000	0	0	5
59	MongoDB 1.7	1.7.0			Jan. 1, 2000	0	1	5
60	MongoDB 1.6	1.6.0			Jan. 1, 2000	0	0	5
61	MongoDB 1.4	1.4.0			Jan. 1, 2000	0	0	5
62	MongoDB 1.2	1.2.0			Jan. 1, 2000	0	0	5
63	MongoDB 0.8	0.8.0			Jan. 1, 2000	0	0	5
64	MongoDB 0.7	0.7.0			Jan. 1, 2000	0	0	6
65	MongoDB 0.6	0.6.9			Jan. 1, 2000	0	0	6
66	MongoDB 0.5	0.5.0			Jan. 1, 2000	0	0	6
67	MongoDB 0.4	0.4.2			Jan. 1, 2000	0	0	6
68	MongoDB 0.3	0.3.0			Jan. 1, 2000	0	0	6
69	MongoDB 0.2	0.2.1			Jan. 1, 2000	0	0	6
70	MongoDB 0.1	0.1.1			Jan. 1, 2000	0	0	6
71	MongoDB 0.0	0.0.1			Jan. 1, 2000	0	0	6

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	less than	Update date Published date	Show Affected	Exploit PoC Search
31	6.5 4.0	MEDIUM Network	A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. This issue affects MongoDB Serve…	CWE-754 Improper Check for Unusual or Exceptional Conditions	CVE-2019-20924	cpe:2.3:a:mongodb:mongodb::	4.2.0	4.2.2	2024-11-21 13:39 2020-11-24	Show	GitHub Exploit DB Packet Storm

32	6.5 4.0	MEDIUM Network	A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to…	NVD-CWE-Other	CVE-2019-20923	cpe:2.3:a:mongodb:mongodb::	4.0.0	4.0.7	2024-11-21 13:39 2020-11-24	Show	GitHub Exploit DB Packet Storm

33	6.5 4.0	MEDIUM Network	A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which perform an $elemMatch . This issue affects MongoDB Server v4.0 versions prior t…	CWE-834 Excessive Iteration	CVE-2018-20805	cpe:2.3:a:mongodb:mongodb::	3.6.0 4.0.0	3.6.10 4.0.5	2024-11-21 13:02 2020-11-24	Show	GitHub Exploit DB Packet Storm

34	6.5 4.0	MEDIUM Network	A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects MongoDB Server v4.0 versions prior to 4.0.10 and Mong…	CWE-20 Improper Input Validation	CVE-2018-20804	cpe:2.3:a:mongodb:mongodb::	3.6.0 4.0.0	3.6.13 4.0.10	2024-11-21 13:02 2020-11-24	Show	GitHub Exploit DB Packet Storm

35	6.5 4.0	MEDIUM Network	A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects MongoDB Server v3.6 v…	NVD-CWE-Other	CVE-2018-20802	cpe:2.3:a:mongodb:mongodb::	3.6.0 4.0.0	3.6.9 4.0.3	2024-11-21 13:02 2020-11-24	Show	GitHub Exploit DB Packet Storm

36	6.5 4.0	MEDIUM Network	A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem. This issue affects MongoD…	CWE-755 Improper Handling of Exceptional Conditions	CVE-2020-7926	cpe:2.3:a:mongodb:mongodb::	4.4.0	4.4.1	2024-11-21 14:38 2020-11-24	Show	GitHub Exploit DB Packet Storm

37	7.5 5.0	HIGH Network	Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service…	CWE-20 Improper Input Validation	CVE-2020-7925	cpe:2.3:a:mongodb:mongodb:4.4.0:rc9 cpe:2.3:a:mongodb:mongodb:4.4.0:rc8 cpe:2.3:a:mongodb:mongodb:4.4.0:rc7 cp…	4.2.0	4.2.9	2024-11-21 14:38 2020-11-24	Show	GitHub Exploit DB Packet Storm

38	6.5 4.0	MEDIUM Network	A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue aff…	CWE-755 Improper Handling of Exceptional Conditions	CVE-2020-7923	cpe:2.3:a:mongodb:mongodb::	4.0 4.2 4.4	4.0.19 4.2.8 4.4.0	2024-11-21 14:38 2020-08-22	Show	GitHub Exploit DB Packet Storm

39	5.3 3.5	MEDIUM Network	Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechani…	CWE-863 Incorrect Authorization	CVE-2020-7921	cpe:2.3:a:mongodb:mongodb::	4.2.0 4.0.0 3.6.0 4.3.0	4.2.3 4.0.15 3.6.18 4.3.3	2024-11-21 14:38 2020-05-7	Show	GitHub Exploit DB Packet Storm

40	7.8 6.8	HIGH Local	An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker defined c…	NVD-CWE-noinfo	CVE-2019-2390	cpe:2.3:a:mongodb:mongodb::	3.4.0 3.6.0 4.0.0	3.4.22 3.6.14 4.0.11	2024-11-21 13:40 2019-08-31	Show	GitHub Exploit DB Packet Storm