Search for packages
| purl | pkg:npm/mongo-express@0.12.0 |
| Next non-vulnerable version | 1.0.0-alpha.4 |
| Latest non-vulnerable version | 1.0.0-alpha.4 |
| Risk |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-9zpn-rzfs-pyfg
Aliases: CVE-2019-10758 GHSA-h47j-hc6x-h3qq |
Remote Code Execution Vulnerability in NPM mongo-express Remote code execution on the host machine by any authenticated user. |
Affected by 3 other vulnerabilities. |
|
VCID-kas3-jua6-hqer
Aliases: CVE-2021-23372 GHSA-m2r3-8492-vx59 |
Improper Check for Unusual or Exceptional Conditions Mongo-express is vulnerable to Denial of Service (DoS) when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash. | There are no reported fixed by versions. |
|
VCID-nr2n-pfu7-afat
Aliases: CVE-2020-24391 GHSA-hxmg-hm46-cf62 |
Javascript Injection mongo-express offers support for certain advanced syntax but implements this in an unsafe way |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-04T20:49:02.314345+00:00 | GitLab Importer | Affected by | VCID-kas3-jua6-hqer | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mongo-express/CVE-2021-23372.yml | 38.6.0 |
| 2026-06-04T20:47:57.828481+00:00 | GitLab Importer | Affected by | VCID-nr2n-pfu7-afat | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mongo-express/CVE-2020-24391.yml | 38.6.0 |
| 2026-06-04T20:26:14.230884+00:00 | GitLab Importer | Affected by | VCID-9zpn-rzfs-pyfg | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mongo-express/CVE-2019-10758.yml | 38.6.0 |