Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/614008?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/614008?format=api", "purl": "pkg:npm/sequelize@6.5.1", "type": "npm", "namespace": "", "name": "sequelize", "version": "6.5.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "6.37.8", "latest_non_vulnerable_version": "7.0.0-next.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/149902?format=api", "vulnerability_id": "VCID-1vrt-1c8d-a7f8", "summary": "Due to improper parameter filtering in the sequalize js library, can a attacker peform injection.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22579", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.61151", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.61262", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.61266", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.61257", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22579" }, { "reference_url": "https://csirt.divd.nl/DIVD-2022-00020", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://csirt.divd.nl/DIVD-2022-00020" }, { "reference_url": "https://github.com/sequelize/sequelize", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize" }, { "reference_url": "https://github.com/sequelize/sequelize/discussions/15698", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/discussions/15698" }, { "reference_url": "https://github.com/sequelize/sequelize/pull/15375", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/pull/15375" }, { "reference_url": "https://github.com/sequelize/sequelize/pull/15699", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/pull/15699" }, { "reference_url": "https://github.com/sequelize/sequelize/releases/tag/v6.28.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/releases/tag/v6.28.1" }, { "reference_url": "https://github.com/sequelize/sequelize/releases/tag/v7.0.0-alpha.20", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/releases/tag/v7.0.0-alpha.20" }, { "reference_url": "https://github.com/sequelize/sequelize/security/advisories/GHSA-vqfx-gj96-3w95", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/security/advisories/GHSA-vqfx-gj96-3w95" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22579", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22579" }, { "reference_url": "https://csirt.divd.nl/CVE-2023-22579", "reference_id": "CVE-2023-22579", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-18T14:45:28Z/" } ], "url": "https://csirt.divd.nl/CVE-2023-22579" }, { "reference_url": "https://csirt.divd.nl/DIVD-2022-00020/", "reference_id": "DIVD-2022-00020", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-18T14:45:28Z/" } ], "url": "https://csirt.divd.nl/DIVD-2022-00020/" }, { "reference_url": "https://github.com/advisories/GHSA-vqfx-gj96-3w95", "reference_id": "GHSA-vqfx-gj96-3w95", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vqfx-gj96-3w95" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380382?format=api", "purl": "pkg:npm/sequelize@6.28.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nggk-kexj-h3fh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@6.28.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/614069?format=api", "purl": "pkg:npm/sequelize@7.0.0-alpha.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@7.0.0-alpha.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/392969?format=api", "purl": "pkg:npm/sequelize@7.0.0-next.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@7.0.0-next.1" } ], "aliases": [ "CVE-2023-22579", "GHSA-vqfx-gj96-3w95" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1vrt-1c8d-a7f8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/149464?format=api", "vulnerability_id": "VCID-ezu8-tyrr-97h8", "summary": "Due to improper input filtering in the sequalize js library, can malicious queries lead to sensitive information disclosure.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22580", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52379", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52501", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52519", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52507", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22580" }, { "reference_url": "https://csirt.divd.nl/DIVD-2022-00020", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://csirt.divd.nl/DIVD-2022-00020" }, { "reference_url": "https://github.com/sequelize/sequelize", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize" }, { "reference_url": "https://github.com/sequelize/sequelize/pull/15375", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/pull/15375" }, { "reference_url": "https://github.com/sequelize/sequelize/pull/15699", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/pull/15699" }, { "reference_url": "https://github.com/sequelize/sequelize/releases/tag/v6.28.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/releases/tag/v6.28.1" }, { "reference_url": "https://github.com/sequelize/sequelize/releases/tag/v7.0.0-alpha.20", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize/releases/tag/v7.0.0-alpha.20" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22580", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22580" }, { "reference_url": "https://csirt.divd.nl/CVE-2023-22580", "reference_id": "CVE-2023-22580", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T14:49:39Z/" } ], "url": "https://csirt.divd.nl/CVE-2023-22580" }, { "reference_url": "https://csirt.divd.nl/DIVD-2022-00020/", "reference_id": "DIVD-2022-00020", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T14:49:39Z/" } ], "url": "https://csirt.divd.nl/DIVD-2022-00020/" }, { "reference_url": "https://github.com/advisories/GHSA-8c25-f3mj-v6h8", "reference_id": "GHSA-8c25-f3mj-v6h8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8c25-f3mj-v6h8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380382?format=api", "purl": "pkg:npm/sequelize@6.28.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nggk-kexj-h3fh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@6.28.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/614069?format=api", "purl": "pkg:npm/sequelize@7.0.0-alpha.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@7.0.0-alpha.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/392969?format=api", "purl": "pkg:npm/sequelize@7.0.0-next.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@7.0.0-next.1" } ], "aliases": [ "CVE-2023-22580", "GHSA-8c25-f3mj-v6h8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ezu8-tyrr-97h8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66523?format=api", "vulnerability_id": "VCID-nggk-kexj-h3fh", "summary": "Sequelize is a Node.js ORM tool. Prior to 6.37.8, there is SQL injection via unescaped cast type in JSON/JSONB where clause processing. The _traverseJSON() function splits JSON path keys on :: to extract a cast type, which is interpolated raw into CAST(... AS <type>) SQL. An attacker who controls JSON object keys can inject arbitrary SQL and exfiltrate data from any table. This vulnerability is fixed in 6.37.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30951.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30951.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-30951", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05855", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05837", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05846", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05828", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-30951" }, { "reference_url": "https://github.com/sequelize/sequelize", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446250", "reference_id": "2446250", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446250" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30951", "reference_id": "CVE-2026-30951", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30951" }, { "reference_url": "https://github.com/advisories/GHSA-6457-6jrx-69cr", "reference_id": "GHSA-6457-6jrx-69cr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6457-6jrx-69cr" }, { "reference_url": "https://github.com/sequelize/sequelize/security/advisories/GHSA-6457-6jrx-69cr", "reference_id": "GHSA-6457-6jrx-69cr", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:40:09Z/" } ], "url": "https://github.com/sequelize/sequelize/security/advisories/GHSA-6457-6jrx-69cr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8498", "reference_id": "RHSA-2026:8498", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8498" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40648?format=api", "purl": "pkg:npm/sequelize@6.37.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@6.37.8" } ], "aliases": [ "CVE-2026-30951", "GHSA-6457-6jrx-69cr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nggk-kexj-h3fh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/129236?format=api", "vulnerability_id": "VCID-pvvd-pgxk-6fb8", "summary": "Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL injection exploit exists related to replacements. Parameters which are passed through replacements are not properly escaped which can lead to arbitrary SQL injection depending on the specific queries in use. The issue has been fixed in Sequelize 6.19.1. Users are advised to upgrade. Users unable to upgrade should not use the `replacements` and the `where` option in the same query.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25813", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03518", "scoring_system": "epss", "scoring_elements": "0.87955", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.03518", "scoring_system": "epss", "scoring_elements": "0.8796", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.03518", "scoring_system": "epss", "scoring_elements": "0.87914", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.03518", "scoring_system": "epss", "scoring_elements": "0.87962", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25813" }, { "reference_url": "https://github.com/sequelize/sequelize", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sequelize/sequelize" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25813", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25813" }, { "reference_url": "https://security.snyk.io/vuln/SNYK-JS-SEQUELIZE-2932027", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.snyk.io/vuln/SNYK-JS-SEQUELIZE-2932027" }, { "reference_url": "https://github.com/sequelize/sequelize/issues/14519", "reference_id": "14519", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-10T21:02:23Z/" } ], "url": "https://github.com/sequelize/sequelize/issues/14519" }, { "reference_url": "https://github.com/sequelize/sequelize/commit/ccaa3996047fe00048d5993ab2dd43ebadd4f78b", "reference_id": "ccaa3996047fe00048d5993ab2dd43ebadd4f78b", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-10T21:02:23Z/" } ], "url": "https://github.com/sequelize/sequelize/commit/ccaa3996047fe00048d5993ab2dd43ebadd4f78b" }, { "reference_url": "https://github.com/advisories/GHSA-wrh9-cjv3-2hpw", "reference_id": "GHSA-wrh9-cjv3-2hpw", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wrh9-cjv3-2hpw" }, { "reference_url": "https://github.com/sequelize/sequelize/security/advisories/GHSA-wrh9-cjv3-2hpw", "reference_id": "GHSA-wrh9-cjv3-2hpw", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-10T21:02:23Z/" } ], "url": "https://github.com/sequelize/sequelize/security/advisories/GHSA-wrh9-cjv3-2hpw" }, { "reference_url": "https://github.com/sequelize/sequelize/releases/tag/v6.19.1", "reference_id": "v6.19.1", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-10T21:02:23Z/" } ], "url": "https://github.com/sequelize/sequelize/releases/tag/v6.19.1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380496?format=api", "purl": "pkg:npm/sequelize@6.19.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrt-1c8d-a7f8" }, { "vulnerability": "VCID-ezu8-tyrr-97h8" }, { "vulnerability": "VCID-nggk-kexj-h3fh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@6.19.1" } ], "aliases": [ "CVE-2023-25813", "GHSA-wrh9-cjv3-2hpw" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pvvd-pgxk-6fb8" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@6.5.1" }