Bitnami/mongoose — 5 CVEs

CRITICAL10.0CVE-2023-3696Mongoose Prototype Pollution vulnerability

from 0, < 5.13.20, >= 6.0.0, < 6.11.3, >= 7.0.0, < 7.3.4

CRITICAL9.8CVE-2024-53900Mongoose search injection vulnerability

from 0, < 6.13.5, >= 7.0.0, < 8.8.3

CRITICAL9.0CVE-2025-23061Mongoose search injection vulnerability

>= 6.0.0, < 6.13.6, >= 7.0.0, < 7.8.4, >= 8.0.0, < 8.9.5

HIGH7.5Mongoose's Improper Sanitization of $nor in sanitizeFilter May Allow NoSQL Injection

from 0, < 6.13.9, >= 7.0.0, < 9.2.0

HIGH7.0automattic/mongoose vulnerable to Prototype pollution via Schema.path

from 0, < 5.13.15, >= 6.0.0, < 6.4.6

pkg:Bitnami/mongoose