GCVE - cpe:2.3:a:automattic:automattic/mongoose:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:automattic:automattic/mongoose:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Automattic (`1dc39c9b-4ddb-5af6-acf4-410b436129a9`)
Product	Automattic/Mongoose (`45c33195-da1b-5653-a393-8d94dedbe16c`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-3696`	vulnerable	2026-06-03 14:52:41.525256	Prototype Pollution in automattic/mongoose CRITICAL (10) Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4. Published: 2023-07-17T00:00:21.160Z Updated: 2024-10-30T14:16:54.986Z Open on db.gcve.eu Reference links https://huntr.dev/bounties/1eef5a72-f6ab-4f61-b31d-fc66f5b4b467 https://github.com/automattic/mongoose/commit/305ce4ff789261df7e3f6e72363d0703e025f80d	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-2564`	vulnerable	2026-06-03 14:47:06.679785	Prototype Pollution in automattic/mongoose HIGH (7) Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6. Published: 2022-07-28T15:21:20.000Z Updated: 2024-11-20T16:14:46.191Z Open on db.gcve.eu Reference links https://github.com/Automattic/mongoose/blob/51e758541763b6f14569744ced15cc23ab8b50c6/lib/schema.js#L88-L141 https://huntr.dev/bounties/055be524-9296-4b2f-b68d-6d5b810d1ddd https://github.com/automattic/mongoose/commit/a45cfb6b0ce0067ae9794cfa80f7917e1fb3c6f8 https://github.com/Automattic/mongoose/compare/6.4.5...6.4.6	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.