Package details: pkg:npm/mysql2@3.9.3
purl pkg:npm/mysql2@3.9.3
Next non-vulnerable version 3.9.8
Latest non-vulnerable version 3.9.8
Risk 4.5
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-2n2e-7xna-x3c5
Aliases:
CVE-2024-21509
GHSA-49j4-86m8-q2jw
Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js.
3.9.4
Affected by 2 other vulnerabilities.
VCID-nfyp-7vxe-mkgd
Aliases:
CVE-2024-21511
GHSA-4rch-2fh8-94vw
Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.
3.9.7
Affected by 1 other vulnerability.
VCID-sgrh-4nnj-vqcj
Aliases:
CVE-2024-21512
GHSA-pmh2-wpjm-fj45
Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables.
3.9.8
Affected by 0 other vulnerabilities.
VCID-u9gj-xfsc-6fhb
Aliases:
CVE-2024-21508
GHSA-fpw7-j2hg-69v5
Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values.
3.9.4
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-p5hy-gt69-1bbb
Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key.
Aliases:
CVE-2024-21507
GHSA-mqr2-w7wj-jjgr

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-12T19:30:17.260826+00:00 GitLab Importer Affected by VCID-sgrh-4nnj-vqcj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mysql2/CVE-2024-21512.yml 38.6.0
2026-06-12T19:26:25.756147+00:00 GitLab Importer Affected by VCID-nfyp-7vxe-mkgd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mysql2/CVE-2024-21511.yml 38.6.0
2026-06-12T19:25:14.514027+00:00 GitLab Importer Affected by VCID-u9gj-xfsc-6fhb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mysql2/CVE-2024-21508.yml 38.6.0
2026-06-12T19:24:56.451587+00:00 GitLab Importer Affected by VCID-2n2e-7xna-x3c5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mysql2/CVE-2024-21509.yml 38.6.0
2026-06-12T15:48:27.371391+00:00 GitLab Importer Fixing VCID-p5hy-gt69-1bbb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mysql2/CVE-2024-21507.yml 38.6.0
2026-06-12T07:40:44.967327+00:00 GithubOSV Importer Fixing VCID-p5hy-gt69-1bbb https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-mqr2-w7wj-jjgr/GHSA-mqr2-w7wj-jjgr.json 38.6.0
2026-06-11T20:34:23.775864+00:00 GHSA Importer Fixing VCID-p5hy-gt69-1bbb https://github.com/advisories/GHSA-mqr2-w7wj-jjgr 38.6.0