Advisories for Npm/Mongo-Express package

In mongo-express 1.0.2, /admin allows CSRF, as demonstrated by deletion of a Collection.

mongo-express is a web-based MongoDB admin interface, written with Node.js and express.

Mongo-express is vulnerable to Denial of Service (DoS) when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash.

mongo-express offers support for certain advanced syntax but implements this in an unsafe way

Remote code execution on the host machine by any authenticated user.