Mongoosejs Mongoose
2 CVEs affecting Mongoosejs Mongoose. Latest disclosed: 2026-05-14. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-23061 | Critical | 9.0 | 2025-01-15 | Mongoose before 8.9.5 can improperly use a nested $where filter with a populate() match, leading to search injection. NOTE: this issue exists because of an inc… |
CVE-2026-42334 | High | 7.5 | 2026-05-14 | Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Prior to 6.13.9, 7.8.9, 8.22.1, and 9.1.6, a vulnerability allows b… |