Go.Mongodb.Org Mongo-Driver vulnerabilities
2 known vulnerabilities affecting go.mongodb.org/mongo-driver.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2026-2303P3MEDIUM≥ 0, < 1.17.72026-02-10
CVE-2026-2303 [MEDIUM] CWE-183 mongo-go-driver has Heap Out-of-Bounds Read in GSSAPI Error Handling
mongo-go-driver has Heap Out-of-Bounds Read in GSSAPI Error Handling
The mongo-go-driver repository contains CGo bindings for GSSAPI (Kerberos) authentication on Linux and macOS. The C wrapper implementation contains a heap out-of-bounds read vulnerability due to incorrect assumptions about string termination in the GSSAPI standard. Since GSSAPI buffers are not guaranteed to be null-terminated or
ghsa
CVE-2021-20329P4MEDIUM≥ 0, < 1.5.12021-06-15
CVE-2021-20329 [MEDIUM] CWE-1287 go.mongodb.org/mongo-driver improperly validates cstrings when marshalling Go objects into BSON
go.mongodb.org/mongo-driver improperly validates cstrings when marshalling Go objects into BSON
Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoD
ghsaosv