| Release | Version |
|---|---|
| bullseye | 1.17.6-1 |
| bullseye (security) | 1.17.6-1+deb11u2 |
| bookworm | 1.23.1-1+deb12u3 |
| trixie | 1.30.4-1+deb13u2 |
| forky | 2.3.0-1 |
| sid | 2.3.0-1 |
| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2026-9100 | vulnerable | fixed | fixed | fixed | fixed | The MongoDB C Driver's legacy GridFS API accepts malformed file metada ... |
| CVE-2026-6691 | vulnerable (no DSA, postponed) | fixed | fixed | fixed | fixed | The MongoDB C Driver's Cyrus SASL integration performs unsafe string c ... |
| CVE-2026-6231 | vulnerable (no DSA, postponed) | fixed | fixed | fixed | fixed | The bson_validate function may return early on specific inputs and inc ... |
| CVE-2026-4359 | vulnerable (no DSA, postponed) | fixed | fixed | fixed | fixed | A compromised third party cloud server or man-in-the-middle attacker c ... |
| CVE-2025-14911 | vulnerable (no DSA, postponed) | fixed | fixed | fixed | fixed | User-controlled chunkSize metadata from MongoDB lacks appropriate vali ... |
| Bug | Description |
|---|---|
| CVE-2025-12119 | A mongoc_bulk_operation_t may read invalid memory if large options are ... |
| CVE-2025-0755 | The various bson_appendfunctions in the MongoDB C driver library may b ... |
| CVE-2024-6383 | The bson_string_append function in MongoDB C Driver may be vulnerable ... |
| CVE-2024-6381 | The bson_strfreev function in the MongoDB C driver library may be susc ... |
| CVE-2023-0437 | When calling bson_utf8_validateon some inputs a loop with an exit cond ... |
| CVE-2021-32050 | Some MongoDB Drivers may erroneously publish events containing authent ... |
| CVE-2018-16790 | _bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in ... |
| DSA / DLA | Description |
|---|---|
| DLA-4438-1 | mongo-c-driver - security update |
| DLA-4175-1 | mongo-c-driver - security update |