cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2019-2391,https://securityvulnerability.io/vulnerability/CVE-2019-2391,JS-bson may incorrectly serialise some requests,"Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure. This issue affects: MongoDB Inc. js-bson library version 1.1.3 and prior to.

",MongoDB,Js-bson,4.2,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2020-03-31T13:25:12.000Z,0
CVE-2020-7610,https://securityvulnerability.io/vulnerability/CVE-2020-7610,Deserialization Vulnerability in BSON Package Affecting Multiple Applications,"The BSON package is susceptible to a deserialization vulnerability that arises when an unknown value is encountered for an object's _bsotype. This flaw may result in objects being serialized as documents instead of the intended BSON types, potentially leading to unintended behaviors and security issues in applications relying on the BSON library.",Mongodb,Bson,9.8,CRITICAL,0.0029100000392645597,false,,false,false,false,,,false,false,,2020-03-30T18:28:17.000Z,0
CVE-2015-4411,https://securityvulnerability.io/vulnerability/CVE-2015-4411,Denial of Service Vulnerability in MongoDB BSON Ruby by Moped,"The Moped::BSON::ObjecId.legal? method in the mongoid/moped library, prior to version 3.0.4, is susceptible to crafted input that could lead to resource exhaustion. This vulnerability allows remote attackers to exploit the method, resulting in a denial of service by consuming worker resources. This was reported as a result of an incomplete fix related to a previous vulnerability (CVE-2015-4410).",Mongodb,Bson,7.5,HIGH,0.02256999909877777,false,,false,false,false,,,false,false,,2020-02-20T16:24:22.000Z,0
CVE-2018-13863,https://securityvulnerability.io/vulnerability/CVE-2018-13863,,The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString() function is called to parse a long untrusted string.,Mongodb,Js-bson,7.5,HIGH,0.001019999966956675,false,,false,false,false,,,false,false,,2018-07-10T20:29:00.000Z,0