Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/14933?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/14933?format=api", "purl": "pkg:npm/sequelize@3.19.3", "type": "npm", "namespace": "", "name": "sequelize", "version": "3.19.3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "6.37.8", "latest_non_vulnerable_version": "7.0.0-next.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/149902?format=api", "vulnerability_id": "VCID-1vrt-1c8d-a7f8", "summary": "Due to improper parameter filtering in the sequalize js library, can a attacker peform injection.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22579", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.61151", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.61262", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.61266", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.61257", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22579" }, { "reference_url": "https://csirt.divd.nl/DIVD-2022-00020", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://csirt.divd.nl/DIVD-2022-00020" }, { "reference_url": "https://github.com/sequelize/sequelize", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize" }, { "reference_url": "https://github.com/sequelize/sequelize/discussions/15698", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/discussions/15698" }, { "reference_url": "https://github.com/sequelize/sequelize/pull/15375", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/pull/15375" }, { "reference_url": "https://github.com/sequelize/sequelize/pull/15699", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/pull/15699" }, { "reference_url": "https://github.com/sequelize/sequelize/releases/tag/v6.28.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/releases/tag/v6.28.1" }, { "reference_url": "https://github.com/sequelize/sequelize/releases/tag/v7.0.0-alpha.20", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/releases/tag/v7.0.0-alpha.20" }, { "reference_url": "https://github.com/sequelize/sequelize/security/advisories/GHSA-vqfx-gj96-3w95", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/security/advisories/GHSA-vqfx-gj96-3w95" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22579", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22579" }, { "reference_url": "https://csirt.divd.nl/CVE-2023-22579", "reference_id": "CVE-2023-22579", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-18T14:45:28Z/" } ], "url": "https://csirt.divd.nl/CVE-2023-22579" }, { "reference_url": "https://csirt.divd.nl/DIVD-2022-00020/", "reference_id": "DIVD-2022-00020", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-18T14:45:28Z/" } ], "url": "https://csirt.divd.nl/DIVD-2022-00020/" }, { "reference_url": "https://github.com/advisories/GHSA-vqfx-gj96-3w95", "reference_id": "GHSA-vqfx-gj96-3w95", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vqfx-gj96-3w95" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380382?format=api", "purl": "pkg:npm/sequelize@6.28.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nggk-kexj-h3fh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@6.28.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/614069?format=api", "purl": "pkg:npm/sequelize@7.0.0-alpha.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@7.0.0-alpha.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/392969?format=api", "purl": "pkg:npm/sequelize@7.0.0-next.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@7.0.0-next.1" } ], "aliases": [ "CVE-2023-22579", "GHSA-vqfx-gj96-3w95" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1vrt-1c8d-a7f8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/203198?format=api", "vulnerability_id": "VCID-52ex-weu3-4kfa", "summary": "SQL Injection in sequelize", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10556", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.4489", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44739", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44892", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44905", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10556" }, { "reference_url": "https://github.com/sequelize/sequelize/commit/23952a2b020cc3571f090e67dae7feb084e1be71", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/commit/23952a2b020cc3571f090e67dae7feb084e1be71" }, { "reference_url": "https://github.com/sequelize/sequelize/commits/v3.20.0?after=62e4dacb28a779a190a3e042b971dcd8c7926e49+34&branch=v3.20.0&qualified_name=refs%2Ftags%2Fv3.20.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/commits/v3.20.0?after=62e4dacb28a779a190a3e042b971dcd8c7926e49+34&branch=v3.20.0&qualified_name=refs%2Ftags%2Fv3.20.0" }, { "reference_url": "https://github.com/sequelize/sequelize/issues/5671", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/issues/5671" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10556", "reference_id": "CVE-2016-10556", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10556" }, { "reference_url": "https://github.com/advisories/GHSA-9c2p-jw8p-f84v", "reference_id": "GHSA-9c2p-jw8p-f84v", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9c2p-jw8p-f84v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/14934?format=api", "purl": "pkg:npm/sequelize@3.20.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrt-1c8d-a7f8" }, { "vulnerability": "VCID-9w1y-5mj4-k7ak" }, { "vulnerability": "VCID-ezu8-tyrr-97h8" }, { "vulnerability": "VCID-fb24-gte1-eye2" }, { "vulnerability": "VCID-j3y1-tes7-skgx" }, { "vulnerability": "VCID-knsq-g276-cud8" }, { "vulnerability": "VCID-pvvd-pgxk-6fb8" }, { "vulnerability": "VCID-q3k8-z561-5fgp" }, { "vulnerability": "VCID-qn7w-5asy-tqdh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@3.20.0" } ], "aliases": [ "CVE-2016-10556", "GHSA-9c2p-jw8p-f84v" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-52ex-weu3-4kfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/361769?format=api", "vulnerability_id": "VCID-9w1y-5mj4-k7ak", "summary": "SQL Injection via GeoJSON\nSequelizeJS is vulnerable to SQL injection via GeoJSON documents containing a value with a single quote. This vulnerability affects postresql/postgis as well as MySQL.", "references": [ { "reference_url": "https://github.com/sequelize/sequelize/issues/6194", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/sequelize/sequelize/issues/6194" }, { "reference_url": "https://github.com/sequelize/sequelize/pull/6302/commits/f93af43a1d86400487f5e3d9762f1a4b7cf6b1e1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/sequelize/sequelize/pull/6302/commits/f93af43a1d86400487f5e3d9762f1a4b7cf6b1e1" }, { "reference_url": "https://github.com/sequelize/sequelize/pull/6303/commits/a81ac1f38476d553c92d522913e91c6e07acc4fa", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/sequelize/sequelize/pull/6303/commits/a81ac1f38476d553c92d522913e91c6e07acc4fa" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/388668?format=api", "purl": "pkg:npm/sequelize@3.23.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrt-1c8d-a7f8" }, { "vulnerability": "VCID-ezu8-tyrr-97h8" }, { "vulnerability": "VCID-fb24-gte1-eye2" }, { "vulnerability": "VCID-j3y1-tes7-skgx" }, { "vulnerability": "VCID-knsq-g276-cud8" }, { "vulnerability": "VCID-pvvd-pgxk-6fb8" }, { "vulnerability": "VCID-q3k8-z561-5fgp" }, { "vulnerability": "VCID-qn7w-5asy-tqdh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@3.23.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/408757?format=api", "purl": "pkg:npm/sequelize@4.0.0-0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrt-1c8d-a7f8" }, { "vulnerability": "VCID-ezu8-tyrr-97h8" }, { "vulnerability": "VCID-knsq-g276-cud8" }, { "vulnerability": "VCID-pvvd-pgxk-6fb8" }, { "vulnerability": "VCID-qn7w-5asy-tqdh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@4.0.0-0" } ], "aliases": [ "GMS-2016-41" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9w1y-5mj4-k7ak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/149464?format=api", "vulnerability_id": "VCID-ezu8-tyrr-97h8", "summary": "Due to improper input filtering in the sequalize js library, can malicious queries lead to sensitive information disclosure.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22580", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52379", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52501", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52519", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52507", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22580" }, { "reference_url": "https://csirt.divd.nl/DIVD-2022-00020", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://csirt.divd.nl/DIVD-2022-00020" }, { "reference_url": "https://github.com/sequelize/sequelize", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize" }, { "reference_url": "https://github.com/sequelize/sequelize/pull/15375", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/pull/15375" }, { "reference_url": "https://github.com/sequelize/sequelize/pull/15699", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/pull/15699" }, { "reference_url": "https://github.com/sequelize/sequelize/releases/tag/v6.28.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/releases/tag/v6.28.1" }, { "reference_url": "https://github.com/sequelize/sequelize/releases/tag/v7.0.0-alpha.20", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/releases/tag/v7.0.0-alpha.20" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22580", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22580" }, { "reference_url": "https://csirt.divd.nl/CVE-2023-22580", "reference_id": "CVE-2023-22580", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T14:49:39Z/" } ], "url": "https://csirt.divd.nl/CVE-2023-22580" }, { "reference_url": "https://csirt.divd.nl/DIVD-2022-00020/", "reference_id": "DIVD-2022-00020", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T14:49:39Z/" } ], "url": "https://csirt.divd.nl/DIVD-2022-00020/" }, { "reference_url": "https://github.com/advisories/GHSA-8c25-f3mj-v6h8", "reference_id": "GHSA-8c25-f3mj-v6h8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8c25-f3mj-v6h8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380382?format=api", "purl": "pkg:npm/sequelize@6.28.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nggk-kexj-h3fh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@6.28.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/614069?format=api", "purl": "pkg:npm/sequelize@7.0.0-alpha.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@7.0.0-alpha.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/392969?format=api", "purl": "pkg:npm/sequelize@7.0.0-next.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@7.0.0-next.1" } ], "aliases": [ "CVE-2023-22580", "GHSA-8c25-f3mj-v6h8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ezu8-tyrr-97h8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/204194?format=api", "vulnerability_id": "VCID-fb24-gte1-eye2", "summary": "SQL Injection in sequelize", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10749", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58488", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58376", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58494", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58504", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10749" }, { "reference_url": "https://github.com/sequelize/sequelize/commit/ee4017379db0059566ecb5424274ad4e2d66bc68", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/commit/ee4017379db0059566ecb5424274ad4e2d66bc68" }, { "reference_url": "https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450222", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450222" }, { "reference_url": "https://www.npmjs.com/advisories/1017", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/1017" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10749", "reference_id": "CVE-2019-10749", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10749" }, { "reference_url": "https://github.com/advisories/GHSA-2598-2f59-rmhq", "reference_id": "GHSA-2598-2f59-rmhq", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2598-2f59-rmhq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15692?format=api", "purl": "pkg:npm/sequelize@3.35.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrt-1c8d-a7f8" }, { "vulnerability": "VCID-ezu8-tyrr-97h8" }, { "vulnerability": "VCID-knsq-g276-cud8" }, { "vulnerability": "VCID-pvvd-pgxk-6fb8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@3.35.1" } ], "aliases": [ "CVE-2019-10749", "GHSA-2598-2f59-rmhq" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fb24-gte1-eye2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/361827?format=api", "vulnerability_id": "VCID-hfs8-z16t-a3bk", "summary": "Improper Escaping of Bound Arrays\nIn Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped.", "references": [ { "reference_url": "https://github.com/sequelize/sequelize/issues/5671", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/sequelize/sequelize/issues/5671" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/14934?format=api", "purl": "pkg:npm/sequelize@3.20.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrt-1c8d-a7f8" }, { "vulnerability": "VCID-9w1y-5mj4-k7ak" }, { "vulnerability": "VCID-ezu8-tyrr-97h8" }, { "vulnerability": "VCID-fb24-gte1-eye2" }, { "vulnerability": "VCID-j3y1-tes7-skgx" }, { "vulnerability": "VCID-knsq-g276-cud8" }, { "vulnerability": "VCID-pvvd-pgxk-6fb8" }, { "vulnerability": "VCID-q3k8-z561-5fgp" }, { "vulnerability": "VCID-qn7w-5asy-tqdh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@3.20.0" } ], "aliases": [ "GMS-2016-78" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hfs8-z16t-a3bk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/204192?format=api", "vulnerability_id": "VCID-j3y1-tes7-skgx", "summary": "SQL Injection in sequelize", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10748", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62962", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62861", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.6297", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62974", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10748" }, { "reference_url": "https://github.com/sequelize/sequelize/commit/a72a3f5,", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/commit/a72a3f5," }, { "reference_url": "https://github.com/sequelize/sequelize/pull/11089,", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/pull/11089," }, { "reference_url": "https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450221", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450221" }, { "reference_url": "https://www.npmjs.com/advisories/1018", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/1018" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10748", "reference_id": "CVE-2019-10748", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10748" }, { "reference_url": "https://github.com/advisories/GHSA-j9xp-92vc-559j", "reference_id": "GHSA-j9xp-92vc-559j", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j9xp-92vc-559j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15692?format=api", "purl": "pkg:npm/sequelize@3.35.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrt-1c8d-a7f8" }, { "vulnerability": "VCID-ezu8-tyrr-97h8" }, { "vulnerability": "VCID-knsq-g276-cud8" }, { "vulnerability": "VCID-pvvd-pgxk-6fb8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@3.35.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/15688?format=api", "purl": "pkg:npm/sequelize@4.44.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrt-1c8d-a7f8" }, { "vulnerability": "VCID-ezu8-tyrr-97h8" }, { "vulnerability": "VCID-knsq-g276-cud8" }, { "vulnerability": "VCID-pvvd-pgxk-6fb8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@4.44.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/15694?format=api", "purl": "pkg:npm/sequelize@5.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrt-1c8d-a7f8" }, { "vulnerability": "VCID-ezu8-tyrr-97h8" }, { "vulnerability": "VCID-j3y1-tes7-skgx" }, { "vulnerability": "VCID-pvvd-pgxk-6fb8" }, { "vulnerability": "VCID-yhkc-r66a-e7bk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@5.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/448998?format=api", "purl": "pkg:npm/sequelize@5.8.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrt-1c8d-a7f8" }, { "vulnerability": "VCID-ezu8-tyrr-97h8" }, { "vulnerability": "VCID-pvvd-pgxk-6fb8" }, { "vulnerability": "VCID-yhkc-r66a-e7bk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@5.8.12" } ], "aliases": [ "CVE-2019-10748", "GHSA-j9xp-92vc-559j" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j3y1-tes7-skgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/205866?format=api", "vulnerability_id": "VCID-knsq-g276-cud8", "summary": "Denial of Service in sequelize", "references": [ { "reference_url": "https://github.com/sequelize/sequelize/pull/11877", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/pull/11877" }, { "reference_url": "https://www.npmjs.com/advisories/1142", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/1142" }, { "reference_url": "https://github.com/advisories/GHSA-fw4p-36j9-rrj3", "reference_id": "GHSA-fw4p-36j9-rrj3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fw4p-36j9-rrj3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/17480?format=api", "purl": "pkg:npm/sequelize@4.44.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrt-1c8d-a7f8" }, { "vulnerability": "VCID-ezu8-tyrr-97h8" }, { "vulnerability": "VCID-pvvd-pgxk-6fb8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@4.44.4" } ], "aliases": [ "GHSA-fw4p-36j9-rrj3", "GMS-2020-771" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-knsq-g276-cud8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/129236?format=api", "vulnerability_id": "VCID-pvvd-pgxk-6fb8", "summary": "Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL injection exploit exists related to replacements. Parameters which are passed through replacements are not properly escaped which can lead to arbitrary SQL injection depending on the specific queries in use. The issue has been fixed in Sequelize 6.19.1. Users are advised to upgrade. Users unable to upgrade should not use the `replacements` and the `where` option in the same query.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25813", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03518", "scoring_system": "epss", "scoring_elements": "0.87955", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.03518", "scoring_system": "epss", "scoring_elements": "0.8796", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.03518", "scoring_system": "epss", "scoring_elements": "0.87914", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.03518", "scoring_system": "epss", "scoring_elements": "0.87962", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25813" }, { "reference_url": "https://github.com/sequelize/sequelize", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25813", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25813" }, { "reference_url": "https://security.snyk.io/vuln/SNYK-JS-SEQUELIZE-2932027", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.snyk.io/vuln/SNYK-JS-SEQUELIZE-2932027" }, { "reference_url": "https://github.com/sequelize/sequelize/issues/14519", "reference_id": "14519", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-10T21:02:23Z/" } ], "url": "https://github.com/sequelize/sequelize/issues/14519" }, { "reference_url": "https://github.com/sequelize/sequelize/commit/ccaa3996047fe00048d5993ab2dd43ebadd4f78b", "reference_id": "ccaa3996047fe00048d5993ab2dd43ebadd4f78b", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-10T21:02:23Z/" } ], "url": "https://github.com/sequelize/sequelize/commit/ccaa3996047fe00048d5993ab2dd43ebadd4f78b" }, { "reference_url": "https://github.com/advisories/GHSA-wrh9-cjv3-2hpw", "reference_id": "GHSA-wrh9-cjv3-2hpw", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wrh9-cjv3-2hpw" }, { "reference_url": "https://github.com/sequelize/sequelize/security/advisories/GHSA-wrh9-cjv3-2hpw", "reference_id": "GHSA-wrh9-cjv3-2hpw", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-10T21:02:23Z/" } ], "url": "https://github.com/sequelize/sequelize/security/advisories/GHSA-wrh9-cjv3-2hpw" }, { "reference_url": "https://github.com/sequelize/sequelize/releases/tag/v6.19.1", "reference_id": "v6.19.1", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-10T21:02:23Z/" } ], "url": "https://github.com/sequelize/sequelize/releases/tag/v6.19.1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380496?format=api", "purl": "pkg:npm/sequelize@6.19.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrt-1c8d-a7f8" }, { "vulnerability": "VCID-ezu8-tyrr-97h8" }, { "vulnerability": "VCID-nggk-kexj-h3fh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@6.19.1" } ], "aliases": [ "CVE-2023-25813", "GHSA-wrh9-cjv3-2hpw" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pvvd-pgxk-6fb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/205245?format=api", "vulnerability_id": "VCID-q3k8-z561-5fgp", "summary": "SQL Injection via GeoJSON in sequelize", "references": [ { "reference_url": "http://docs.sequelizejs.com/en/latest/api/datatypes/#geometry", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "" } ], "url": "http://docs.sequelizejs.com/en/latest/api/datatypes/#geometry" }, { "reference_url": "http://geojson.org/", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "" } ], "url": "http://geojson.org/" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1000225", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06541", "scoring_system": "epss", "scoring_elements": "0.91367", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.06541", "scoring_system": "epss", "scoring_elements": "0.91372", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.06541", "scoring_system": "epss", "scoring_elements": "0.91375", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1000225" }, { "reference_url": "https://github.com/sequelize/sequelize", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize" }, { "reference_url": "https://github.com/sequelize/sequelize/commit/14e3deaf3ad27f12900e5275db1d448844c9de3e", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/commit/14e3deaf3ad27f12900e5275db1d448844c9de3e" }, { "reference_url": "https://github.com/sequelize/sequelize/commit/18ac91040d9c57351d26ba998f460e214255b704", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/commit/18ac91040d9c57351d26ba998f460e214255b704" }, { "reference_url": "https://github.com/sequelize/sequelize/commit/562d52585902090f4e53eb21c61314098c29d795", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/commit/562d52585902090f4e53eb21c61314098c29d795" }, { "reference_url": "https://github.com/sequelize/sequelize/commit/f93af43a1d86400487f5e3d9762f1a4b7cf6b1e1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/commit/f93af43a1d86400487f5e3d9762f1a4b7cf6b1e1" }, { "reference_url": "https://github.com/sequelize/sequelize/issues/6194", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/issues/6194" }, { "reference_url": "https://github.com/sequelize/sequelize/pull/6302", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/pull/6302" }, { "reference_url": "https://github.com/sequelize/sequelize/pull/6306", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/pull/6306" }, { "reference_url": "https://snyk.io/vuln/npm:sequelize:20160718", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/npm:sequelize:20160718" }, { "reference_url": "https://www.npmjs.com/advisories/122", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.npmjs.com/advisories/122" }, { "reference_url": "https://github.com/nodejs/security-wg/blob/main/vuln/npm/122.json", "reference_id": "122", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "" } ], "url": "https://github.com/nodejs/security-wg/blob/main/vuln/npm/122.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000225", "reference_id": "CVE-2016-1000225", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000225" }, { "reference_url": "https://github.com/advisories/GHSA-5v9h-q3gj-c32x", "reference_id": "GHSA-5v9h-q3gj-c32x", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5v9h-q3gj-c32x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/16946?format=api", "purl": "pkg:npm/sequelize@3.23.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrt-1c8d-a7f8" }, { "vulnerability": "VCID-ezu8-tyrr-97h8" }, { "vulnerability": "VCID-fb24-gte1-eye2" }, { "vulnerability": "VCID-j3y1-tes7-skgx" }, { "vulnerability": "VCID-knsq-g276-cud8" }, { "vulnerability": "VCID-pvvd-pgxk-6fb8" }, { "vulnerability": "VCID-qn7w-5asy-tqdh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@3.23.6" } ], "aliases": [ "CVE-2016-1000225", "GHSA-5v9h-q3gj-c32x", "GMS-2020-770" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q3k8-z561-5fgp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/203707?format=api", "vulnerability_id": "VCID-qn7w-5asy-tqdh", "summary": "NoSQL Injection in sequelize", "references": [ { "reference_url": "https://github.com/sequelize/sequelize", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize" }, { "reference_url": "https://github.com/sequelize/sequelize/commit/ccb99daedb69e8750a241436415ccac8abef358d", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/commit/ccb99daedb69e8750a241436415ccac8abef358d" }, { "reference_url": "https://github.com/sequelize/sequelize/issues/7310", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/issues/7310" }, { "reference_url": "https://github.com/sequelize/sequelize/pull/8240", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/pull/8240" }, { "reference_url": "https://snyk.io/vuln/SNYK-JS-SEQUELIZE-174147", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-JS-SEQUELIZE-174147" }, { "reference_url": "https://www.npmjs.com/advisories/820", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.npmjs.com/advisories/820" }, { "reference_url": "https://www.npmjs.com/advisories/820/versions", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.npmjs.com/advisories/820/versions" }, { "reference_url": "https://github.com/advisories/GHSA-wfp9-vr4j-f49j", "reference_id": "GHSA-wfp9-vr4j-f49j", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wfp9-vr4j-f49j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15335?format=api", "purl": "pkg:npm/sequelize@4.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrt-1c8d-a7f8" }, { "vulnerability": "VCID-ezu8-tyrr-97h8" }, { "vulnerability": "VCID-j3y1-tes7-skgx" }, { "vulnerability": "VCID-knsq-g276-cud8" }, { "vulnerability": "VCID-pvvd-pgxk-6fb8" }, { "vulnerability": "VCID-yhkc-r66a-e7bk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@4.12.0" } ], "aliases": [ "GHSA-wfp9-vr4j-f49j", "GMS-2019-139" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qn7w-5asy-tqdh" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@3.19.3" }