VulnerableCode Package Details - pkg:pypi/pymongo@0.7

Search for packages

Vulnerability	Summary	Fixed by
VCID-3z21-133b-9kch Aliases: CVE-2024-21506 GHSA-cr6f-gf5w-vhrc	Duplicate This advisory duplicates another.	4.6.3 Affected by 0 other vulnerabilities.
VCID-bstf-w638-8uex Aliases: CVE-2013-2132 GHSA-x33v-f3gp-gw2c PYSEC-2013-30	bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef."	2.5.2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-fcud-p9kt-3bfv Aliases: CVE-2024-5629 GHSA-m87m-mmvp-v9qm	PyMongo Out-of-bounds Read in the bson module Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer and throws an exception with string. If the following bytes are not printable UTF-8 the parser throws an exception with a single byte.	4.6.3 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-3z21-133b-9kch
Aliases:
CVE-2024-21506
GHSA-cr6f-gf5w-vhrc

Duplicate This advisory duplicates another.

4.6.3
Affected by 0 other vulnerabilities.

VCID-bstf-w638-8uex
Aliases:
CVE-2013-2132
GHSA-x33v-f3gp-gw2c
PYSEC-2013-30

bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef."

2.5.2
Affected by 2 other vulnerabilities.

VCID-fcud-p9kt-3bfv
Aliases:
CVE-2024-5629
GHSA-m87m-mmvp-v9qm

PyMongo Out-of-bounds Read in the bson module Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer and throws an exception with string. If the following bytes are not printable UTF-8 the parser throws an exception with a single byte.

4.6.3
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T05:03:21.279017+00:00	GitLab Importer	Affected by	VCID-fcud-p9kt-3bfv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pymongo/CVE-2024-5629.yml	38.6.0
2026-06-06T04:48:13.195804+00:00	GitLab Importer	Affected by	VCID-3z21-133b-9kch	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pymongo/CVE-2024-21506.yml	38.6.0
2026-06-06T02:00:43.231940+00:00	GitLab Importer	Affected by	VCID-bstf-w638-8uex	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pymongo/CVE-2013-2132.yml	38.6.0
2026-06-05T16:49:15.121478+00:00	GHSA Importer	Affected by	VCID-bstf-w638-8uex	https://github.com/advisories/GHSA-x33v-f3gp-gw2c	38.6.0
2026-06-04T16:15:55.234804+00:00	PyPI Importer	Affected by	VCID-bstf-w638-8uex	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-06-02T04:03:20.076558+00:00	Pypa Importer	Affected by	VCID-bstf-w638-8uex	https://github.com/pypa/advisory-database/blob/main/vulns/pymongo/PYSEC-2013-30.yaml	38.6.0