Vulnerabilities > Mongo Express Project

DATE CVE VULNERABILITY TITLE RISK
2021-06-21 CVE-2021-21422 Unspecified vulnerability in Mongo-Express Project Mongo-Express
mongo-express is a web-based MongoDB admin interface, written with Node.js and express.
network
low complexity
mongo-express-project
6.1
2021-04-13 CVE-2021-23372 Improper Check for Unusual or Exceptional Conditions vulnerability in Mongo-Express Project Mongo-Express
All versions of package mongo-express are vulnerable to Denial of Service (DoS) when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash.
network
low complexity
mongo-express-project CWE-754
7.5
2021-03-30 CVE-2020-24391 Unspecified vulnerability in Mongo-Express Project Mongo-Express
mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way.
network
low complexity
mongo-express-project
critical
9.8
2019-12-24 CVE-2019-10758 Unspecified vulnerability in Mongo-Express Project Mongo-Express
mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method.
network
low complexity
mongo-express-project
critical
9.9