VulnerableCode Package Details - pkg:npm/mongoose@4.11.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/mongoose@4.11.0

Essentials
History (5)

purl	pkg:npm/mongoose@4.11.0

Next non-vulnerable version	6.13.6
Latest non-vulnerable version	9.1.6
Risk

Vulnerabilities affecting this package (5)

Vulnerability	Summary	Fixed by
VCID-74zu-ckd6-cqcz Aliases: CVE-2024-53900 GHSA-m7xq-9374-9rvx	Mongoose before 8.8.3 can improperly use $where in match, leading to search injection.	5.13.23 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 6.13.5 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 7.8.3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 8.8.3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-79e8-w592-4kfc Aliases: CVE-2025-23061 GHSA-vg7j-7cwx-8wgw	Mongoose before 8.9.5 can improperly use a nested $where filter with a populate() match, leading to search injection. NOTE: this issue exists because of an incomplete fix for CVE-2024-53900.	6.13.6 Affected by 0 other vulnerabilities. 7.8.4 Affected by 0 other vulnerabilities. 8.9.5 Affected by 0 other vulnerabilities.
VCID-7kqt-gc7f-yqc2 Aliases: CVE-2022-2564 GHSA-f825-f98c-gj3g	Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6.	5.13.15 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 6.0.0-rc0 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 6.4.6 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-e36b-xyqv-5uh1 Aliases: CVE-2019-17426 GHSA-8687-vv9j-hgph	Improper Input Validation in Automattic Mongoose	4.13.21 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 5.7.5 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-xk4w-gxs4-7bab Aliases: CVE-2023-3696 GHSA-9m93-w8w6-76hh	Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4.	5.13.20 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 6.11.3 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 7.3.3 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 7.3.4 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T19:50:11.393069+00:00	GitLab Importer	Affected by	VCID-79e8-w592-4kfc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mongoose/CVE-2025-23061.yml	38.6.0
2026-06-12T19:47:45.203959+00:00	GitLab Importer	Affected by	VCID-74zu-ckd6-cqcz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mongoose/CVE-2024-53900.yml	38.6.0
2026-06-12T19:00:36.704844+00:00	GitLab Importer	Affected by	VCID-xk4w-gxs4-7bab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mongoose/CVE-2023-3696.yml	38.6.0
2026-06-12T18:28:51.005018+00:00	GitLab Importer	Affected by	VCID-7kqt-gc7f-yqc2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mongoose/CVE-2022-2564.yml	38.6.0
2026-06-12T17:14:45.624941+00:00	GitLab Importer	Affected by	VCID-e36b-xyqv-5uh1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mongoose/CVE-2019-17426.yml	38.6.0