Skip to main content

C Driver

6 CVEs product

Monthly

CVE-2026-6231 MEDIUM PATCH This Month

MongoDB C Driver bson_validate function returns early on specific inputs and incorrectly reports successful validation, allowing malformed or invalid UTF-8 sequences in BSON data to bypass validation checks. This affects MongoDB C Driver versions prior to 1.30.5, 2.0.0, and 2.0.1, and impacts applications that depend on this validation function to process untrusted BSON data. Authenticated remote attackers can exploit this to inject invalid BSON data, potentially causing integrity issues in downstream processing; EPSS 0.48 indicates this is a moderate-priority issue that warrants patching but is not among the highest-risk vulnerabilities.

Authentication Bypass C Driver
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-12119 PHP MEDIUM PATCH This Month

A mongoc_bulk_operation_t may read invalid memory if large options are passed. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure C Driver Php Driver
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2024-7553 HIGH This Week

Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass PHP Privilege Escalation Microsoft MongoDB +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-0437 MEDIUM This Month

When calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service C Driver
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2021-20331 NuGet MEDIUM PATCH This Month

Specific versions of the MongoDB C# Driver may erroneously publish events containing authentication-related data to a command listener configured by an application. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure C Driver
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2020-12135 MEDIUM POC PATCH This Month

bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Integer Overflow Whoopsie C Driver
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

MongoDB C Driver bson_validate function returns early on specific inputs and incorrectly reports successful validation, allowing malformed or invalid UTF-8 sequences in BSON data to bypass validation checks. This affects MongoDB C Driver versions prior to 1.30.5, 2.0.0, and 2.0.1, and impacts applications that depend on this validation function to process untrusted BSON data. Authenticated remote attackers can exploit this to inject invalid BSON data, potentially causing integrity issues in downstream processing; EPSS 0.48 indicates this is a moderate-priority issue that warrants patching but is not among the highest-risk vulnerabilities.

Authentication Bypass C Driver
NVD
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

A mongoc_bulk_operation_t may read invalid memory if large options are passed. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure C Driver Php Driver
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass PHP Privilege Escalation +4
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

When calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service C Driver
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

Specific versions of the MongoDB C# Driver may erroneously publish events containing authentication-related data to a command listener configured by an application. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure C Driver
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Integer Overflow Whoopsie +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy