| Field | Value |
|---|---|
| purl | pkg:npm/sequelize@4.37.4 |
| Next non-vulnerable version | 6.37.8 |
| Latest non-vulnerable version | 7.0.0-next.1 |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-1vrt-1c8d-a7f8 (aliases: CVE-2023-22579, GHSA-vqfx-gj96-3w95) | Due to improper parameter filtering in the Sequelize JS library, an attacker can perform injection. | 3 fixed versions listed (affected by 1, 0 and 0 other vulnerabilities) |
| VCID-ezu8-tyrr-97h8 (aliases: CVE-2023-22580, GHSA-8c25-f3mj-v6h8) | Due to improper input filtering in the Sequelize JS library, malicious queries can lead to sensitive information disclosure. | 3 fixed versions listed (affected by 1, 0 and 0 other vulnerabilities) |
| VCID-j3y1-tes7-skgx (aliases: CVE-2019-10748, GHSA-j9xp-92vc-559j) | SQL injection in sequelize. | 3 fixed versions listed (affected by 4, 5 and 4 other vulnerabilities) |
| VCID-knsq-g276-cud8 (aliases: GHSA-fw4p-36j9-rrj3, GMS-2020-771) | Denial of service in sequelize. | 1 fixed version listed (affected by 3 other vulnerabilities) |
| VCID-pvvd-pgxk-6fb8 (aliases: CVE-2023-25813, GHSA-wrh9-cjv3-2hpw) | Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL injection exploit exists related to replacements. Parameters which are passed through replacements are not properly escaped, which can lead to arbitrary SQL injection depending on the specific queries in use. The issue has been fixed in Sequelize 6.19.1. Users are advised to upgrade. Users unable to upgrade should not use the `replacements` and the `where` option in the same query. | 1 fixed version listed (affected by 3 other vulnerabilities) |
| VCID-yhkc-r66a-e7bk (aliases: CVE-2019-10752, GHSA-m9jw-237r-gvfv) | SQL injection in sequelize. | 2 fixed versions listed (affected by 4 and 3 other vulnerabilities) |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
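The "Next non-vulnerable version" (6.37.8) and "Latest non-vulnerable version" (7.0.0-next.1) figures above only help if they are checked against what is actually installed, including nested copies that a dependency drags in. The block below is an added example, not code from VulnerableCode or from the Sequelize project: it parses the page's purl, compares versions with a hand-written semver comparison that follows the spec's prerelease rule (7.0.0-next.1 sorts before 7.0.0, so a naive "major >= 7" test would mis-rank the latest non-vulnerable version), and walks a package-lock.json v3 `packages` map to report every sequelize install older than the next non-vulnerable version. The lockfile contents, the function names and the `NEXT_SAFE` constant are assumptions made for this example.

```javascript
// Added example (not VulnerableCode or Sequelize code): find installed copies of a
// package older than the "next non-vulnerable version" reported by VulnerableCode.
// SAMPLE_LOCK is a constructed package-lock.json (lockfileVersion 3); NEXT_SAFE is
// copied from the page's "Next non-vulnerable version" field.

const PAGE_PURL = 'pkg:npm/sequelize@4.37.4';
const NEXT_SAFE = '6.37.8';

// Constructed lockfile: a top-level sequelize and a nested copy under a plugin.
const SAMPLE_LOCK = {
  name: 'demo-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/sequelize': { version: '4.37.4' },
    'node_modules/legacy-plugin': { version: '0.1.0' },
    'node_modules/legacy-plugin/node_modules/sequelize': { version: '6.37.8' },
    'node_modules/pg': { version: '8.11.3' },
  },
};

// pkg:npm/<name>@<version>. Scoped names carry the namespace as @scope/ (purl encodes @ as %40).
function parsePurl(purl) {
  const m = /^pkg:npm\/((?:(?:@|%40)[^/]+\/)?[^@]+)@(.+)$/.exec(purl);
  if (!m) throw new Error(`not an npm purl: ${purl}`);
  return { name: decodeURIComponent(m[1]), version: m[2] };
}

// Split "MAJOR.MINOR.PATCH[-pre.release][+build]"; build metadata is ignored per semver.
function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(v);
  if (!m) throw new Error(`not semver: ${v}`);
  return { main: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] ? m[4].split('.') : [] };
}

// Prerelease identifier ordering: numeric < alphanumeric, numeric compared as numbers.
function compareIds(a, b) {
  const na = /^\d+$/.test(a), nb = /^\d+$/.test(b);
  if (na && nb) return Math.sign(Number(a) - Number(b));
  if (na) return -1;
  if (nb) return 1;
  return a < b ? -1 : a > b ? 1 : 0;
}

// Returns -1, 0 or 1. A release sorts after any prerelease of the same core version.
function compareSemver(a, b) {
  const x = parseSemver(a), y = parseSemver(b);
  for (let i = 0; i < 3; i++) {
    if (x.main[i] !== y.main[i]) return Math.sign(x.main[i] - y.main[i]);
  }
  if (x.pre.length === 0 && y.pre.length === 0) return 0;
  if (x.pre.length === 0) return 1;
  if (y.pre.length === 0) return -1;
  const n = Math.min(x.pre.length, y.pre.length);
  for (let i = 0; i < n; i++) {
    const c = compareIds(x.pre[i], y.pre[i]);
    if (c !== 0) return c;
  }
  return Math.sign(x.pre.length - y.pre.length);
}

// Installed package name is the last node_modules/ path segment (nested copies included).
function installedName(path, entry) {
  const idx = path.lastIndexOf('node_modules/');
  return idx < 0 ? (entry.name || path) : path.slice(idx + 'node_modules/'.length);
}

// Every install of `name` whose version is below `fixedVersion`.
function findVulnerableInstalls(lock, name, fixedVersion) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === '' || !entry.version) continue;
    if (installedName(path, entry) !== name) continue;
    if (compareSemver(entry.version, fixedVersion) < 0) {
      hits.push({ path, version: entry.version });
    }
  }
  return hits;
}

// Usage: check the constructed lockfile against the page's figures.
const target = parsePurl(PAGE_PURL);
const findings = findVulnerableInstalls(SAMPLE_LOCK, target.name, NEXT_SAFE);
for (const f of findings) {
  console.log(`${f.path}@${f.version} is below next non-vulnerable ${NEXT_SAFE}`);
}
```

Only the top-level 4.37.4 copy is reported; the nested 6.37.8 copy compares equal to the threshold and passes. Comparing against the page's "next non-vulnerable version" rather than against each advisory's own fix version is deliberate: VulnerableCode reports 6.37.8 as the first version that is not affected by any of the listed vulnerabilities, so a 6.x below it may still carry at least one of them.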