Vulnerability Database
296,416
Total vulnerabilities in the database
CVE-2025-23061
Mongoose before 8.9.5 can improperly use a nested $where filter with a populate() match, leading to search injection. NOTE: this issue exists because of an incomplete fix for CVE-2024-53900.
- https://github.com/Automattic/mongoose/blob/master/CHANGELOG.md
- https://github.com/Automattic/mongoose/commit/64a9f9706f2428c49e0cfb8e223065acc645f7bc
- https://github.com/Automattic/mongoose/compare/6.13.5...6.13.6
- https://github.com/Automattic/mongoose/compare/7.8.3...7.8.4
- https://github.com/Automattic/mongoose/compare/8.9.4...8.9.5
- https://github.com/Automattic/mongoose/releases/tag/6.13.6
- https://github.com/Automattic/mongoose/releases/tag/7.8.4
- https://github.com/Automattic/mongoose/releases/tag/8.9.5
- https://www.npmjs.com/package/mongoose?activeTab=versions
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime