VulnerableCode Package Details - pkg:npm/mongo-express@0.54.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/mongo-express@0.54.0

Essentials
History (7)

purl	pkg:npm/mongo-express@0.54.0

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	10.0

Vulnerabilities affecting this package (4)

Vulnerability	Summary	Fixed by
VCID-kas3-jua6-hqer Aliases: CVE-2021-23372 GHSA-m2r3-8492-vx59	Improper Check for Unusual or Exceptional Conditions Mongo-express is vulnerable to Denial of Service (DoS) when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash.	There are no reported fixed by versions.
VCID-nr2n-pfu7-afat Aliases: CVE-2020-24391 GHSA-hxmg-hm46-cf62	Javascript Injection mongo-express offers support for certain advanced syntax but implements this in an unsafe way	1.0.0-alpha.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-quer-e8mx-eyg2 Aliases: CVE-2021-21422 GHSA-7p8h-86p5-wv3p	Cross-site Scripting mongo-express is a web-based MongoDB admin interface, written with Node.js and express.	1.0.0-alpha.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.0.0-alpha.4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-wjdj-n2qp-u3aw Aliases: CVE-2023-52555 GHSA-fffg-cwc9-xvj7	mongo-express Cross-site Request Forgery vulnerability In mongo-express 1.0.2, /admin allows CSRF, as demonstrated by deletion of a Collection.	There are no reported fixed by versions.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-9zpn-rzfs-pyfg	Remote Code Execution Vulnerability in NPM mongo-express Remote code execution on the host machine by any authenticated user.	CVE-2019-10758 GHSA-h47j-hc6x-h3qq

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T04:43:06.321259+00:00	GitLab Importer	Affected by	VCID-wjdj-n2qp-u3aw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mongo-express/CVE-2023-52555.yml	38.6.0
2026-06-05T21:10:43.525334+00:00	GHSA Importer	Fixing	VCID-9zpn-rzfs-pyfg	https://github.com/advisories/GHSA-h47j-hc6x-h3qq	38.6.0
2026-06-04T20:49:02.979579+00:00	GitLab Importer	Affected by	VCID-kas3-jua6-hqer	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mongo-express/CVE-2021-23372.yml	38.6.0
2026-06-04T17:41:56.278282+00:00	GithubOSV Importer	Fixing	VCID-9zpn-rzfs-pyfg	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/12/GHSA-h47j-hc6x-h3qq/GHSA-h47j-hc6x-h3qq.json	38.6.0
2026-06-04T16:21:33.657534+00:00	GitLab Importer	Affected by	VCID-quer-e8mx-eyg2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mongo-express/CVE-2021-21422.yml	38.6.0
2026-06-04T16:20:58.484670+00:00	GitLab Importer	Affected by	VCID-nr2n-pfu7-afat	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mongo-express/CVE-2020-24391.yml	38.6.0
2026-06-04T16:19:43.289888+00:00	GitLab Importer	Fixing	VCID-9zpn-rzfs-pyfg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mongo-express/CVE-2019-10758.yml	38.6.0