Vulnerabilities > Mongodb > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-01 | CVE-2024-6376 | Code Injection vulnerability in Mongodb Compass MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. | 9.8 |
| 2020-03-30 | CVE-2020-7610 | Deserialization of Untrusted Data vulnerability in Mongodb Bson All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. | 9.8 |
| 2017-11-01 | CVE-2017-15535 | Unspecified vulnerability in Mongodb MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory. | 9.1 |