VulnerableCode Package Details - pkg:npm/mongoose@1.0.5

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/mongoose@1.0.5

Essentials
History (4)

purl	pkg:npm/mongoose@1.0.5

Next non-vulnerable version	6.13.6
Latest non-vulnerable version	9.1.6
Risk

Vulnerabilities affecting this package (4)

Vulnerability	Summary	Fixed by
VCID-79e8-w592-4kfc Aliases: CVE-2025-23061 GHSA-vg7j-7cwx-8wgw	Mongoose before 8.9.5 can improperly use a nested $where filter with a populate() match, leading to search injection. NOTE: this issue exists because of an incomplete fix for CVE-2024-53900.	6.13.6 Affected by 0 other vulnerabilities. 7.8.4 Affected by 0 other vulnerabilities. 8.9.5 Affected by 0 other vulnerabilities.
VCID-7kqt-gc7f-yqc2 Aliases: CVE-2022-2564 GHSA-f825-f98c-gj3g	Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6.	5.13.15 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 6.0.0-rc0 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 6.4.6 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-e36b-xyqv-5uh1 Aliases: CVE-2019-17426 GHSA-8687-vv9j-hgph	Improper Input Validation in Automattic Mongoose	4.13.21 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 5.7.5 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-xk4w-gxs4-7bab Aliases: CVE-2023-3696 GHSA-9m93-w8w6-76hh	Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4.	5.13.20 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 6.11.3 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 7.3.3 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 7.3.4 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T19:50:09.847059+00:00	GitLab Importer	Affected by	VCID-79e8-w592-4kfc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mongoose/CVE-2025-23061.yml	38.6.0
2026-06-12T19:00:35.183377+00:00	GitLab Importer	Affected by	VCID-xk4w-gxs4-7bab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mongoose/CVE-2023-3696.yml	38.6.0
2026-06-12T18:28:49.486601+00:00	GitLab Importer	Affected by	VCID-7kqt-gc7f-yqc2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mongoose/CVE-2022-2564.yml	38.6.0
2026-06-12T17:14:43.812412+00:00	GitLab Importer	Affected by	VCID-e36b-xyqv-5uh1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mongoose/CVE-2019-17426.yml	38.6.0