products / mongodb

MongoDB

MongoDB is a document database and CNA; NVD entries often include explicit mongodb:mongodb CPE ranges. Use server release versions (6.0.x, 7.0.x) as you would in ops tooling.

api usage

Querying MongoDB

product slugmongodb

version format6.0.3, 7.0.2

bash

curl "https://api.attestd.io/v1/check?product=mongodb&version=6.0.3" \
  -H "Authorization: Bearer $ATTESTD_KEY"

Spot-check CVE-2025-14847 (MongoBleed / memory disclosure). Confirm risk_state and fixed_version against live synthesis.

json

{
  "product": "mongodb",
  "version": "6.0.3",
  "supported": true,
  "risk_state": "high",
  "risk_factors": ["remote_exploitable", "patch_available"],
  "actively_exploited": false,
  "remote_exploitable": true,
  "authentication_required": false,
  "patch_available": true,
  "fixed_version": "6.0.16",
  "confidence": 0.82,
  "cve_ids": ["CVE-2025-14847"],
  "last_updated": "2026-04-03T00:00:00Z"
}

cleaner line

Newer release

bash

curl "https://api.attestd.io/v1/check?product=mongodb&version=8.0.12" \
  -H "Authorization: Bearer $ATTESTD_KEY"

notable cves

CVE history

CVE	Description	Affects	CVSS
`CVE-2025-14847`	Memory disclosure / protocol handling (MongoBleed family).	6.0.x (see NVD)	7.5
`CVE-2021-20328`	Driver / server interaction exposing sensitive data in certain configs.	4.4, 5.0	6.5
`CVE-2019-2392`	Server component DoS via crafted BSON.	3.6, 4.0	6.5
`CVE-2020-7928`	Information exposure in MongoDB server.	4.0, 4.2	4.0
`CVE-2024-6383`	Authorization / privilege boundary issue (verify NVD ranges).	see NVD	6.0

All products CouchDB PostgreSQL