
Major Vulnerabilities in Mongoose Library Allow Remote Code Execution on Node.js Servers
Two major vulnerabilities (CVE-2024-53900, CVE-2025-23061) in the Mongoose library enable remote code execution on Node.js servers. Attackers are exploiting the $where value to bypass patches, posing a serious threat to application security. Users of Mongoose are advised to apply security updates to protect themselves.
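
The summary names $where as the value being abused. Alongside applying the update, an application can reject that operator in client-supplied filters at any nesting depth before they reach Mongoose; the following is an added example, not code from Mongoose or from the original page. The function names findForbiddenOperators and assertSafeFilter, the depth limit, and the sample filters are hypothetical and constructed for illustration.

```javascript
'use strict';

// Operators that make MongoDB evaluate JavaScript. `$where` is the one the
// advisory names; the set is a parameter so callers can extend it.
const FORBIDDEN = new Set(['$where']);
const MAX_DEPTH = 32; // assumption: no legitimate filter nests deeper

// Walk a client-supplied filter and return the path of every forbidden key,
// at any depth, including inside arrays such as $or / $and / $nor.
function findForbiddenOperators(value, forbidden = FORBIDDEN, path = '', depth = 0) {
  if (depth > MAX_DEPTH) throw new RangeError(`filter nested too deeply at ${path}`);
  if (value === null || typeof value !== 'object') return [];
  const hits = [];
  if (Array.isArray(value)) {
    value.forEach((item, i) => {
      hits.push(...findForbiddenOperators(item, forbidden, `${path}[${i}]`, depth + 1));
    });
    return hits;
  }
  for (const key of Object.keys(value)) {
    const here = path ? `${path}.${key}` : key;
    if (forbidden.has(key)) hits.push(here);
    hits.push(...findForbiddenOperators(value[key], forbidden, here, depth + 1));
  }
  return hits;
}

// Reject the request before the filter is handed to the database layer.
function assertSafeFilter(filter) {
  const hits = findForbiddenOperators(filter);
  if (hits.length > 0) {
    throw new Error(`forbidden query operator at: ${hits.join(', ')}`);
  }
  return filter;
}

// Constructed sample inputs (not taken from any real request).
const samples = {
  clean: { name: 'alice', age: { $gte: 18 } },
  topLevel: { $where: 'true' },
  nested: { $or: [{ name: 'alice' }, { $and: [{ $where: 'true' }] }] },
};

for (const [label, filter] of Object.entries(samples)) {
  console.log(label, findForbiddenOperators(filter));
}
```

A check that inspects only the top-level keys of the filter would pass the nested sample, which is why the walk descends into every object and array.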