CLEANSTART-2026-KS09647

See a problem?

Import Source

https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-KS09647.json

JSON Data

https://api.osv.dev/v1/vulns/CLEANSTART-2026-KS09647

Upstream

CVE-2025-25285

CVE-2025-62718

CVE-2026-21637

CVE-2026-2950

CVE-2026-33750

CVE-2026-33916

CVE-2026-33937

CVE-2026-4800

CVE-2026-4923

CVE-2026-4926

ghsa-23c5-xmqv-rm74

ghsa-2qvq-rjwj-gvw9

ghsa-2w6w-674q-4c4q

ghsa-3mfm-83xf-c92r

ghsa-3p68-rc4w-qgx5

ghsa-3ppc-4f35-3m26

ghsa-3v7f-55p6-f55p

ghsa-442j-39wm-28r2

ghsa-48c2-rrv3-qjmp

ghsa-72xf-g2v4-qvf3

ghsa-7r86-cg39-jmmj

ghsa-7rx3-28cr-v5wh

ghsa-9cx6-37pm-9jff

ghsa-c2c7-rcm5-vvqj

ghsa-chqc-8p9q-pq6q

ghsa-f23m-r3pf-42rh

ghsa-f886-m6hf-6m8v

ghsa-j3q9-mxjg-w52f

ghsa-pfrx-2q88-qq97

ghsa-r5fr-rjxr-66jc

ghsa-rc47-6667-2j5j

ghsa-rmvr-2pp2-xj38

ghsa-xhpv-hc6g-r9c6

ghsa-xjpj-3mr7-gcpf

Published

2026-04-16T00:55:51.498867Z

Modified

2026-04-23T05:02:08.121248Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Axios is a promise based HTTP client for the browser and Node

Details

Multiple security vulnerabilities affect the mongosh package. Axios is a promise based HTTP client for the browser and Node. See references for individual vulnerability details.

References

Affected packages

CleanStart / mongosh

Package

Name: mongosh

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.6.0-r3

Database specific

source

"https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-KS09647.json"