VulnerableCode Package Details - pkg:npm/mongo-express@0.46.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/mongo-express@0.46.0

Essentials
History (5)

purl	pkg:npm/mongo-express@0.46.0

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk

Vulnerabilities affecting this package (5)

Vulnerability	Summary	Fixed by
VCID-2auc-8zsk-kqhg Aliases: CVE-2019-10758 GHSA-h47j-hc6x-h3qq	mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to perform `exec` commands in a non-safe environment.	0.54.0 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-ars1-8yk5-43c7 Aliases: CVE-2021-23372 GHSA-m2r3-8492-vx59		There are no reported fixed by versions.
VCID-ayxm-v7nf-7fam Aliases: CVE-2020-24391 GHSA-hxmg-hm46-cf62		1.0.0-alpha.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-n196-evzb-pka4 Aliases: CVE-2023-52555 GHSA-fffg-cwc9-xvj7	In mongo-express 1.0.2, /admin allows CSRF, as demonstrated by deletion of a Collection.	There are no reported fixed by versions.
VCID-qzzh-gehj-1bfp Aliases: CVE-2021-21422 GHSA-7p8h-86p5-wv3p		1.0.0-alpha.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.0.0-alpha.4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T19:22:02.181115+00:00	GitLab Importer	Affected by	VCID-n196-evzb-pka4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mongo-express/CVE-2023-52555.yml	38.6.0
2026-06-12T17:43:20.066289+00:00	GitLab Importer	Affected by	VCID-qzzh-gehj-1bfp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mongo-express/CVE-2021-21422.yml	38.6.0
2026-06-12T17:37:11.526959+00:00	GitLab Importer	Affected by	VCID-ars1-8yk5-43c7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mongo-express/CVE-2021-23372.yml	38.6.0
2026-06-12T17:36:11.790686+00:00	GitLab Importer	Affected by	VCID-ayxm-v7nf-7fam	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mongo-express/CVE-2020-24391.yml	38.6.0
2026-06-12T17:16:45.202722+00:00	GitLab Importer	Affected by	VCID-2auc-8zsk-kqhg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mongo-express/CVE-2019-10758.yml	38.6.0