Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/mongo-express@0.30.57
Typenpm
Namespace
Namemongo-express
Version0.30.57
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-9zpn-rzfs-pyfg
vulnerability_id VCID-9zpn-rzfs-pyfg
summary 
Remote Code Execution Vulnerability in NPM mongo-express
Remote code execution on the host machine by any authenticated user.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10758
reference_id
reference_type
scores
0
value 0.94352
scoring_system epss
scoring_elements 0.99961
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10758
1
reference_url https://github.com/mongo-express/mongo-express
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mongo-express/mongo-express
2
reference_url https://github.com/mongo-express/mongo-express/blob/ea02b364d43f179f191fc91fb9962efdb0843a8d/lib/bson.js#L60
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mongo-express/mongo-express/blob/ea02b364d43f179f191fc91fb9962efdb0843a8d/lib/bson.js#L60
3
reference_url https://github.com/mongo-express/mongo-express/commit/7d365141deadbd38fa961cd835ce68eab5731494
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mongo-express/mongo-express/commit/7d365141deadbd38fa961cd835ce68eab5731494
4
reference_url https://github.com/mongo-express/mongo-express/commit/d8c9bda46a204ecba1d35558452685cd0674e6f2
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mongo-express/mongo-express/commit/d8c9bda46a204ecba1d35558452685cd0674e6f2
5
reference_url https://github.com/mongo-express/mongo-express/pull/522
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mongo-express/mongo-express/pull/522
6
reference_url https://snyk.io/vuln/SNYK-JS-MONGOEXPRESS-473215
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:54:06Z/
url https://snyk.io/vuln/SNYK-JS-MONGOEXPRESS-473215
7
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-10758
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-10758
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10758
reference_id CVE-2019-10758
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10758
9
reference_url https://github.com/advisories/GHSA-h47j-hc6x-h3qq
reference_id GHSA-h47j-hc6x-h3qq
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h47j-hc6x-h3qq
10
reference_url https://github.com/mongo-express/mongo-express/security/advisories/GHSA-h47j-hc6x-h3qq
reference_id GHSA-h47j-hc6x-h3qq
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mongo-express/mongo-express/security/advisories/GHSA-h47j-hc6x-h3qq
fixed_packages
0
url pkg:npm/mongo-express@0.54.0
purl pkg:npm/mongo-express@0.54.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kas3-jua6-hqer
1
vulnerability VCID-nr2n-pfu7-afat
2
vulnerability VCID-quer-e8mx-eyg2
3
vulnerability VCID-wjdj-n2qp-u3aw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/mongo-express@0.54.0
aliases CVE-2019-10758, GHSA-h47j-hc6x-h3qq
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9zpn-rzfs-pyfg
1
url VCID-kas3-jua6-hqer
vulnerability_id VCID-kas3-jua6-hqer
summary 
Improper Check for Unusual or Exceptional Conditions
Mongo-express is vulnerable to Denial of Service (DoS) when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-23372
reference_id
reference_type
scores
0
value 0.00306
scoring_system epss
scoring_elements 0.54172
published_at 2026-06-08T12:55:00Z
1
value 0.00306
scoring_system epss
scoring_elements 0.54141
published_at 2026-06-04T12:55:00Z
2
value 0.00306
scoring_system epss
scoring_elements 0.54197
published_at 2026-06-05T12:55:00Z
3
value 0.00306
scoring_system epss
scoring_elements 0.54205
published_at 2026-06-06T12:55:00Z
4
value 0.00306
scoring_system epss
scoring_elements 0.54195
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-23372
1
reference_url https://github.com/mongo-express/mongo-express
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mongo-express/mongo-express
2
reference_url https://snyk.io/vuln/SNYK-JS-MONGOEXPRESS-1085403
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-MONGOEXPRESS-1085403
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-23372
reference_id CVE-2021-23372
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-23372
4
reference_url https://github.com/advisories/GHSA-m2r3-8492-vx59
reference_id GHSA-m2r3-8492-vx59
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m2r3-8492-vx59
fixed_packages
aliases CVE-2021-23372, GHSA-m2r3-8492-vx59
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kas3-jua6-hqer
2
url VCID-nr2n-pfu7-afat
vulnerability_id VCID-nr2n-pfu7-afat
summary 
Javascript Injection
mongo-express offers support for certain advanced syntax but implements this in an unsafe way
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-24391
reference_id
reference_type
scores
0
value 0.92863
scoring_system epss
scoring_elements 0.99777
published_at 2026-06-08T12:55:00Z
1
value 0.92863
scoring_system epss
scoring_elements 0.99776
published_at 2026-06-07T12:55:00Z
2
value 0.92863
scoring_system epss
scoring_elements 0.99775
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-24391
1
reference_url https://github.com/mongodb-js/query-parser/issues/16
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mongodb-js/query-parser/issues/16
2
reference_url https://github.com/mongo-express/mongo-express/commit/3a26b079e7821e0e209c3ee0cc2ae15ad467b91a
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mongo-express/mongo-express/commit/3a26b079e7821e0e209c3ee0cc2ae15ad467b91a
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-24391
reference_id CVE-2020-24391
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-24391
4
reference_url https://github.com/advisories/GHSA-hxmg-hm46-cf62
reference_id GHSA-hxmg-hm46-cf62
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hxmg-hm46-cf62
fixed_packages
0
url pkg:npm/mongo-express@1.0.0-alpha.1
purl pkg:npm/mongo-express@1.0.0-alpha.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kas3-jua6-hqer
1
vulnerability VCID-wjdj-n2qp-u3aw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/mongo-express@1.0.0-alpha.1
aliases CVE-2020-24391, GHSA-hxmg-hm46-cf62
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nr2n-pfu7-afat
3
url VCID-quer-e8mx-eyg2
vulnerability_id VCID-quer-e8mx-eyg2
summary 
Cross-site Scripting
mongo-express is a web-based MongoDB admin interface, written with Node.js and express.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21422
reference_id
reference_type
scores
0
value 0.01294
scoring_system epss
scoring_elements 0.80048
published_at 2026-06-05T12:55:00Z
1
value 0.01294
scoring_system epss
scoring_elements 0.80037
published_at 2026-06-08T12:55:00Z
2
value 0.01294
scoring_system epss
scoring_elements 0.80047
published_at 2026-06-07T12:55:00Z
3
value 0.01294
scoring_system epss
scoring_elements 0.80022
published_at 2026-06-04T12:55:00Z
4
value 0.01294
scoring_system epss
scoring_elements 0.80053
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21422
1
reference_url https://github.com/mongo-express/mongo-express/commit/f5e0d4931f856f032f22664b5e5901d5950cfd4b
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mongo-express/mongo-express/commit/f5e0d4931f856f032f22664b5e5901d5950cfd4b
2
reference_url https://github.com/mongo-express/mongo-express/issues/577
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mongo-express/mongo-express/issues/577
3
reference_url https://github.com/mongo-express/mongo-express/security/advisories/GHSA-7p8h-86p5-wv3p
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mongo-express/mongo-express/security/advisories/GHSA-7p8h-86p5-wv3p
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21422
reference_id CVE-2021-21422
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21422
5
reference_url https://github.com/advisories/GHSA-7p8h-86p5-wv3p
reference_id GHSA-7p8h-86p5-wv3p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7p8h-86p5-wv3p
fixed_packages
0
url pkg:npm/mongo-express@1.0.0-alpha.1
purl pkg:npm/mongo-express@1.0.0-alpha.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kas3-jua6-hqer
1
vulnerability VCID-wjdj-n2qp-u3aw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/mongo-express@1.0.0-alpha.1
1
url pkg:npm/mongo-express@1.0.0-alpha.4
purl pkg:npm/mongo-express@1.0.0-alpha.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-wjdj-n2qp-u3aw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/mongo-express@1.0.0-alpha.4
aliases CVE-2021-21422, GHSA-7p8h-86p5-wv3p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-quer-e8mx-eyg2
4
url VCID-wjdj-n2qp-u3aw
vulnerability_id VCID-wjdj-n2qp-u3aw
summary 
mongo-express Cross-site Request Forgery vulnerability
In mongo-express 1.0.2, /admin allows CSRF, as demonstrated by deletion of a Collection.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-52555
reference_id
reference_type
scores
0
value 0.00746
scoring_system epss
scoring_elements 0.73463
published_at 2026-06-06T12:55:00Z
1
value 0.00746
scoring_system epss
scoring_elements 0.73437
published_at 2026-06-08T12:55:00Z
2
value 0.00746
scoring_system epss
scoring_elements 0.7345
published_at 2026-06-07T12:55:00Z
3
value 0.00746
scoring_system epss
scoring_elements 0.73458
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-52555
1
reference_url https://github.com/mongo-express/mongo-express
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mongo-express/mongo-express
2
reference_url https://github.com/mongo-express/mongo-express/issues/1338
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-01T15:40:23Z/
url https://github.com/mongo-express/mongo-express/issues/1338
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-52555
reference_id CVE-2023-52555
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-52555
4
reference_url https://github.com/advisories/GHSA-fffg-cwc9-xvj7
reference_id GHSA-fffg-cwc9-xvj7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fffg-cwc9-xvj7
fixed_packages
aliases CVE-2023-52555, GHSA-fffg-cwc9-xvj7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wjdj-n2qp-u3aw
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/mongo-express@0.30.57