VulnerableCode Package Details - pkg:npm/mongodb-query-parser@1.1.2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/mongodb-query-parser@1.1.2

Essentials
History (2)

purl	pkg:npm/mongodb-query-parser@1.1.2

Next non-vulnerable version	2.0.0
Latest non-vulnerable version	2.0.0
Risk	10.0

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-nr2n-pfu7-afat Aliases: CVE-2020-24391 GHSA-hxmg-hm46-cf62	Javascript Injection mongo-express offers support for certain advanced syntax but implements this in an unsafe way	2.0.0 Affected by 0 other vulnerabilities.
VCID-rkuq-2dp1-wkeh Aliases: GHSA-97mg-3cr6-3x4c GMS-2020-390	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in mongodb-query-parser.	2.0.0 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T20:49:18.131929+00:00	GitLab Importer	Affected by	VCID-nr2n-pfu7-afat	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mongodb-query-parser/CVE-2020-24391.yml	38.6.0
2026-06-04T20:38:22.576634+00:00	GitLab Importer	Affected by	VCID-rkuq-2dp1-wkeh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mongodb-query-parser/GMS-2020-390.yml	38.6.0