- How many CVEs does MongoDB have?
- MongoDB has 168 published CVE records since 2013, including 85 in the last two years.
- How many MongoDB CVEs are in CISA KEV?
- Yes — 1 of MongoDB's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.
- Which MongoDB products have the most CVEs?
- The MongoDB products with the most published CVEs are MongoDB, mongo, MongoDB server, Mongo-c-driver, C Driver.
- What are the most common weakness types in MongoDB CVEs?
- MongoDB's CVEs most often map to these CWE weakness types: CWE-617 (Reachable Assertion), CWE-20 (Improper Input Validation), CWE-295 (Improper Certificate Validation), CWE-416 (Use After Free).
- Are there public exploits for MongoDB vulnerabilities?
- Yes — 4 of MongoDB's CVEs have a known public exploit.
- How many critical MongoDB vulnerabilities are there?
- MongoDB has 9 critical and 78 high-severity CVEs.
- What is the average severity of MongoDB CVEs?
- The average CVSS base score across MongoDB's scored CVEs is 6.9.