OSV - Open Source Vulnerabilities

CLEANSTART-2026-KS09647

CleanStart/mongosh

Axios is a promise based HTTP client for the browser and Node

16 Apr

Fix available
Severity - 9.8 (Critical)

CLEANSTART-2026-HD58055

CleanStart/mongosh

Security fixes for CVE-2025-25285, CVE-2026-21637, ghsa-23c5-xmqv-rm74, ghsa-3ppc-4f35-3m26, ghsa-72xf-g2v4-qvf3, ghsa-7r86-cg39-jmmj, ghsa-pfrx-2q88-qq97, ghsa-rc47-6667-2j5j, ghsa-rmvr-2pp2-xj38 applied in versions: 2.6.0-r1, 2.6.0-r2

01 Apr

Fix available

CLEANSTART-2026-FN55648

CleanStart/mongosh

Security fixes for CVE-2025-25285, CVE-2026-21637, ghsa-23c5-xmqv-rm74, ghsa-72xf-g2v4-qvf3, ghsa-7r86-cg39-jmmj, ghsa-fj3w-jwp8-x2g3, ghsa-pfrx-2q88-qq97, ghsa-rc47-6667-2j5j, ghsa-rmvr-2pp2-xj38 applied in versions: 2.6.0-r1, 2.7.0-r0

01 Apr

Fix available

CLEANSTART-2026-OW14897

CleanStart/mongosh

Security fixes for CVE-2025-25285, CVE-2025-69873, CVE-2026-21637, ghsa-23c5-xmqv-rm74, ghsa-72xf-g2v4-qvf3, ghsa-7r86-cg39-jmmj, ghsa-pfrx-2q88-qq97, ghsa-rc47-6667-2j5j, ghsa-rmvr-2pp2-xj38 applied in versions: 2.5.10-r2, 2.5.10-r3, 2.6.0-r1

01 Apr

Fix available

CLEANSTART-2026-QY24299

CleanStart/mongosh

@octokit/endpoint turns REST API endpoints into generic request options

07 Mar

Fix available
Severity - 9.8 (Critical)

CVE-2025-25290

github.com/octokit/request.js

@octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

14 Feb 2025

Fix available
Severity - 5.3 (Medium)

GHSA-rmvr-2pp2-xj38

npm/@octokit/request

@octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

14 Feb 2025

Fix available
Severity - 5.3 (Medium)