DepKeep

OSS Support Hub / Database Tools

Node.js Database Tools MIT Latest: 8.24.0

Mongoose

Elegant MongoDB object modeling for Node.js with built-in type casting and validation

npmGitHub
Health Metrics

Project Health at a Glance

Live data from GitHub and npm, updated daily.

โญ
27.5K
GitHub Stars
๐Ÿ“ฆ
8.24.0
Latest Release ยท Yesterday
๐Ÿ”„
6d
Avg. Release Cadence
๐Ÿ›
187
Open Issues
๐Ÿ“…
Yesterday
Last Commit
โฌ‡๏ธ
5.4M
Weekly Downloads
๐Ÿ”’
8
Active CVEs

Data last fetched: 2026-05-15

Security

Known Vulnerabilities

8 active CVEs reported via OSV.dev

GHSA-8687-vv9j-hgph CVSS_V3

Improper Input Validation in Automattic Mongoose

Published: 2019-10-22 Fixed in: 5.7.5
GHSA-9m93-w8w6-76hh CVSS_V3

Mongoose Prototype Pollution vulnerability

Published: 2023-07-17 Fixed in: 7.3.3
GHSA-f825-f98c-gj3g CVSS_V3

automattic/mongoose vulnerable to Prototype pollution via Schema.path

Published: 2022-07-29 Fixed in: 6.4.6
GHSA-h8hf-x3f4-xwgp CVSS_V3

Mongoose Vulnerable to Prototype Pollution in Schema Object

Published: 2022-08-27 Fixed in: 6.4.6
GHSA-m7xq-9374-9rvx CVSS_V3

Mongoose search injection vulnerability

Published: 2024-12-02 Fixed in: 8.8.3
GHSA-r5xw-q988-826m CVSS_V3

Remote Memory Exposure in mongoose

Published: 2020-09-01 Fixed in: 3.8.39
GHSA-vg7j-7cwx-8wgw CVSS_V3

Mongoose search injection vulnerability

Published: 2025-01-15 Fixed in: 8.9.5
GHSA-wpg9-53fq-2r8h CVSS_V3

Mongoose's Improper Sanitization of $nor in sanitizeFilter May Allow NoSQL Injection

Published: 2026-05-05 Fixed in: 6.13.9
Ecosystem

Alternatives to Mongoose

Other Database Tools projects in the Node.js ecosystem worth evaluating.

prisma โ†’ typeorm โ†’ mongodb โ†’
Get Help

Support Options for Mongoose

Enterprise Support via DepKeep

Get SLA-backed support, security patches, and direct access to senior engineers for Mongoose โ€” without relying on volunteer maintainers.

Talk to an Expert โ†’

Community Channels

GitHub Discussions โ†’Stack Overflow โ†’