MongoDB Libbson

By the Year

In 2026 there have been 0 vulnerabilities in MongoDB Libbson. Last year, in 2025, Libbson had 1 security vulnerability published. Right now, Libbson is on track to have fewer security vulnerabilities in 2026 than it did last year.

Year | Vulnerabilities | Average Score
2026 | 0 | 0.00
2025 | 1 | 8.40
2024 | 2 | 4.65
2023 | 0 | 0.00
2022 | 0 | 0.00
2021 | 0 | 0.00
2020 | 0 | 0.00
2019 | 0 | 0.00
2018 | 1 | 8.10

It may take a day or so for new Libbson vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent MongoDB Libbson Security Vulnerabilities

MongoDB C Driver <1.27.5: Buffer Overflow via bson_append
CVE-2025-0755 8.4 - High - March 18, 2025

The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16.

Heap-based Buffer Overflow

MongoDB C Driver libbson buffer overflow vuln (pre1.27.1)
CVE-2024-6383 5.3 - Medium - July 03, 2024

The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small a buffer, which may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1.

Heap-based Buffer Overflow

Integer Overflow in libbson <1.26.2 causing memory corruption
CVE-2024-6381 4 - Medium - July 02, 2024

The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. This may result in memory corruption. This issue affected libbson versions prior to 1.26.2.

Integer Overflow to Buffer Overflow

_bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in MongoDB mongo-c-driver and other products, has a heap-based buffer over-read
CVE-2018-16790 8.1 - High - September 10, 2018

_bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in MongoDB mongo-c-driver and other products, has a heap-based buffer over-read via a crafted bson buffer.

Out-of-bounds Read
