Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/448901?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/448901?format=api", "purl": "pkg:npm/sequelize@4.28.0", "type": "npm", "namespace": "", "name": "sequelize", "version": "4.28.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "6.37.8", "latest_non_vulnerable_version": "7.0.0-next.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/149902?format=api", "vulnerability_id": "VCID-1vrt-1c8d-a7f8", "summary": "Due to improper parameter filtering in the sequalize js library, can a attacker peform injection.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22579", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.61151", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.61262", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.61266", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.61257", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22579" }, { "reference_url": "https://csirt.divd.nl/DIVD-2022-00020", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://csirt.divd.nl/DIVD-2022-00020" }, { "reference_url": "https://github.com/sequelize/sequelize", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize" }, { "reference_url": "https://github.com/sequelize/sequelize/discussions/15698", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/discussions/15698" }, { "reference_url": "https://github.com/sequelize/sequelize/pull/15375", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/pull/15375" }, { "reference_url": "https://github.com/sequelize/sequelize/pull/15699", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/pull/15699" }, { "reference_url": "https://github.com/sequelize/sequelize/releases/tag/v6.28.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/releases/tag/v6.28.1" }, { "reference_url": "https://github.com/sequelize/sequelize/releases/tag/v7.0.0-alpha.20", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/releases/tag/v7.0.0-alpha.20" }, { "reference_url": "https://github.com/sequelize/sequelize/security/advisories/GHSA-vqfx-gj96-3w95", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/security/advisories/GHSA-vqfx-gj96-3w95" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22579", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22579" }, { "reference_url": "https://csirt.divd.nl/CVE-2023-22579", "reference_id": "CVE-2023-22579", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-18T14:45:28Z/" } ], "url": "https://csirt.divd.nl/CVE-2023-22579" }, { "reference_url": "https://csirt.divd.nl/DIVD-2022-00020/", "reference_id": "DIVD-2022-00020", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-18T14:45:28Z/" } ], "url": "https://csirt.divd.nl/DIVD-2022-00020/" }, { "reference_url": "https://github.com/advisories/GHSA-vqfx-gj96-3w95", "reference_id": "GHSA-vqfx-gj96-3w95", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vqfx-gj96-3w95" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380382?format=api", "purl": "pkg:npm/sequelize@6.28.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nggk-kexj-h3fh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@6.28.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/614069?format=api", "purl": "pkg:npm/sequelize@7.0.0-alpha.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@7.0.0-alpha.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/392969?format=api", "purl": "pkg:npm/sequelize@7.0.0-next.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@7.0.0-next.1" } ], "aliases": [ "CVE-2023-22579", "GHSA-vqfx-gj96-3w95" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1vrt-1c8d-a7f8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/149464?format=api", "vulnerability_id": "VCID-ezu8-tyrr-97h8", "summary": "Due to improper input filtering in the sequalize js library, can malicious queries lead to sensitive information disclosure.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22580", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52379", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52501", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52519", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52507", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22580" }, { "reference_url": "https://csirt.divd.nl/DIVD-2022-00020", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://csirt.divd.nl/DIVD-2022-00020" }, { "reference_url": "https://github.com/sequelize/sequelize", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize" }, { "reference_url": "https://github.com/sequelize/sequelize/pull/15375", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/pull/15375" }, { "reference_url": "https://github.com/sequelize/sequelize/pull/15699", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/pull/15699" }, { "reference_url": "https://github.com/sequelize/sequelize/releases/tag/v6.28.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/releases/tag/v6.28.1" }, { "reference_url": "https://github.com/sequelize/sequelize/releases/tag/v7.0.0-alpha.20", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/releases/tag/v7.0.0-alpha.20" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22580", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22580" }, { "reference_url": "https://csirt.divd.nl/CVE-2023-22580", "reference_id": "CVE-2023-22580", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T14:49:39Z/" } ], "url": "https://csirt.divd.nl/CVE-2023-22580" }, { "reference_url": "https://csirt.divd.nl/DIVD-2022-00020/", "reference_id": "DIVD-2022-00020", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T14:49:39Z/" } ], "url": "https://csirt.divd.nl/DIVD-2022-00020/" }, { "reference_url": "https://github.com/advisories/GHSA-8c25-f3mj-v6h8", "reference_id": "GHSA-8c25-f3mj-v6h8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8c25-f3mj-v6h8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380382?format=api", "purl": "pkg:npm/sequelize@6.28.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nggk-kexj-h3fh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@6.28.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/614069?format=api", "purl": "pkg:npm/sequelize@7.0.0-alpha.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@7.0.0-alpha.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/392969?format=api", "purl": "pkg:npm/sequelize@7.0.0-next.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@7.0.0-next.1" } ], "aliases": [ "CVE-2023-22580", "GHSA-8c25-f3mj-v6h8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ezu8-tyrr-97h8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/204192?format=api", "vulnerability_id": "VCID-j3y1-tes7-skgx", "summary": "SQL Injection in sequelize", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10748", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62962", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62861", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.6297", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62974", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10748" }, { "reference_url": "https://github.com/sequelize/sequelize/commit/a72a3f5,", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/commit/a72a3f5," }, { "reference_url": "https://github.com/sequelize/sequelize/pull/11089,", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/pull/11089," }, { "reference_url": "https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450221", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450221" }, { "reference_url": "https://www.npmjs.com/advisories/1018", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/1018" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10748", "reference_id": "CVE-2019-10748", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10748" }, { "reference_url": "https://github.com/advisories/GHSA-j9xp-92vc-559j", "reference_id": "GHSA-j9xp-92vc-559j", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j9xp-92vc-559j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15688?format=api", "purl": "pkg:npm/sequelize@4.44.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrt-1c8d-a7f8" }, { "vulnerability": "VCID-ezu8-tyrr-97h8" }, { "vulnerability": "VCID-knsq-g276-cud8" }, { "vulnerability": "VCID-pvvd-pgxk-6fb8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@4.44.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/15694?format=api", "purl": "pkg:npm/sequelize@5.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrt-1c8d-a7f8" }, { "vulnerability": "VCID-ezu8-tyrr-97h8" }, { "vulnerability": "VCID-j3y1-tes7-skgx" }, { "vulnerability": "VCID-pvvd-pgxk-6fb8" }, { "vulnerability": "VCID-yhkc-r66a-e7bk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@5.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/448998?format=api", "purl": "pkg:npm/sequelize@5.8.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrt-1c8d-a7f8" }, { "vulnerability": "VCID-ezu8-tyrr-97h8" }, { "vulnerability": "VCID-pvvd-pgxk-6fb8" }, { "vulnerability": "VCID-yhkc-r66a-e7bk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@5.8.12" } ], "aliases": [ "CVE-2019-10748", "GHSA-j9xp-92vc-559j" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j3y1-tes7-skgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/205866?format=api", "vulnerability_id": "VCID-knsq-g276-cud8", "summary": "Denial of Service in sequelize", "references": [ { "reference_url": "https://github.com/sequelize/sequelize/pull/11877", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/pull/11877" }, { "reference_url": "https://www.npmjs.com/advisories/1142", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/1142" }, { "reference_url": "https://github.com/advisories/GHSA-fw4p-36j9-rrj3", "reference_id": "GHSA-fw4p-36j9-rrj3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fw4p-36j9-rrj3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/17480?format=api", "purl": "pkg:npm/sequelize@4.44.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrt-1c8d-a7f8" }, { "vulnerability": "VCID-ezu8-tyrr-97h8" }, { "vulnerability": "VCID-pvvd-pgxk-6fb8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@4.44.4" } ], "aliases": [ "GHSA-fw4p-36j9-rrj3", "GMS-2020-771" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-knsq-g276-cud8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/129236?format=api", "vulnerability_id": "VCID-pvvd-pgxk-6fb8", "summary": "Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL injection exploit exists related to replacements. Parameters which are passed through replacements are not properly escaped which can lead to arbitrary SQL injection depending on the specific queries in use. The issue has been fixed in Sequelize 6.19.1. Users are advised to upgrade. Users unable to upgrade should not use the `replacements` and the `where` option in the same query.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25813", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03518", "scoring_system": "epss", "scoring_elements": "0.87955", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.03518", "scoring_system": "epss", "scoring_elements": "0.8796", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.03518", "scoring_system": "epss", "scoring_elements": "0.87914", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.03518", "scoring_system": "epss", "scoring_elements": "0.87962", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25813" }, { "reference_url": "https://github.com/sequelize/sequelize", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25813", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25813" }, { "reference_url": "https://security.snyk.io/vuln/SNYK-JS-SEQUELIZE-2932027", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.snyk.io/vuln/SNYK-JS-SEQUELIZE-2932027" }, { "reference_url": "https://github.com/sequelize/sequelize/issues/14519", "reference_id": "14519", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-10T21:02:23Z/" } ], "url": "https://github.com/sequelize/sequelize/issues/14519" }, { "reference_url": "https://github.com/sequelize/sequelize/commit/ccaa3996047fe00048d5993ab2dd43ebadd4f78b", "reference_id": "ccaa3996047fe00048d5993ab2dd43ebadd4f78b", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-10T21:02:23Z/" } ], "url": "https://github.com/sequelize/sequelize/commit/ccaa3996047fe00048d5993ab2dd43ebadd4f78b" }, { "reference_url": "https://github.com/advisories/GHSA-wrh9-cjv3-2hpw", "reference_id": "GHSA-wrh9-cjv3-2hpw", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wrh9-cjv3-2hpw" }, { "reference_url": "https://github.com/sequelize/sequelize/security/advisories/GHSA-wrh9-cjv3-2hpw", "reference_id": "GHSA-wrh9-cjv3-2hpw", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-10T21:02:23Z/" } ], "url": "https://github.com/sequelize/sequelize/security/advisories/GHSA-wrh9-cjv3-2hpw" }, { "reference_url": "https://github.com/sequelize/sequelize/releases/tag/v6.19.1", "reference_id": "v6.19.1", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-10T21:02:23Z/" } ], "url": "https://github.com/sequelize/sequelize/releases/tag/v6.19.1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380496?format=api", "purl": "pkg:npm/sequelize@6.19.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrt-1c8d-a7f8" }, { "vulnerability": "VCID-ezu8-tyrr-97h8" }, { "vulnerability": "VCID-nggk-kexj-h3fh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@6.19.1" } ], "aliases": [ "CVE-2023-25813", "GHSA-wrh9-cjv3-2hpw" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pvvd-pgxk-6fb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/204189?format=api", "vulnerability_id": "VCID-yhkc-r66a-e7bk", "summary": "SQL Injection in sequelize", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10752", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62962", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62861", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.6297", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62974", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10752" }, { "reference_url": "https://github.com/sequelize/sequelize/commit/9bd0bc1,", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/commit/9bd0bc1," }, { "reference_url": "https://github.com/sequelize/sequelize/commit/9bd0bc111b6f502223edf7e902680f7cc2ed541e", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/commit/9bd0bc111b6f502223edf7e902680f7cc2ed541e" }, { "reference_url": "https://github.com/sequelize/sequelize/pull/11329", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/pull/11329" }, { "reference_url": "https://snyk.io/vuln/SNYK-JS-SEQUELIZE-459751", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-JS-SEQUELIZE-459751" }, { "reference_url": "https://snyk.io/vuln/SNYK-JS-SEQUELIZE-459751,", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-JS-SEQUELIZE-459751," }, { "reference_url": "https://www.npmjs.com/advisories/1146", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/1146" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10752", "reference_id": "CVE-2019-10752", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10752" }, { "reference_url": "https://github.com/advisories/GHSA-m9jw-237r-gvfv", "reference_id": "GHSA-m9jw-237r-gvfv", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m9jw-237r-gvfv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15688?format=api", "purl": "pkg:npm/sequelize@4.44.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrt-1c8d-a7f8" }, { "vulnerability": "VCID-ezu8-tyrr-97h8" }, { "vulnerability": "VCID-knsq-g276-cud8" }, { "vulnerability": "VCID-pvvd-pgxk-6fb8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@4.44.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/15687?format=api", "purl": "pkg:npm/sequelize@5.15.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrt-1c8d-a7f8" }, { "vulnerability": "VCID-ezu8-tyrr-97h8" }, { "vulnerability": "VCID-pvvd-pgxk-6fb8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@5.15.1" } ], "aliases": [ "CVE-2019-10752", "GHSA-m9jw-237r-gvfv" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yhkc-r66a-e7bk" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@4.28.0" }