Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package bson, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2020-7610 — CVSS 9.8 (critical): All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an…
CVE-2018-13863 — CVSS 7.5 (high): The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression…
CVE-2019-2391 — CVSS 4.2 (medium): Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application…