| purl | pkg:npm/sqlite3@5.0.0 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-g65d-c2sw-w7gs (Aliases: CVE-2022-21227, GHSA-9qrh-qjmc-5w2p) | Denial-of-Service due to fatal error when binding invalid parameters. The package sqlite3 before 5.0.3 is vulnerable to Denial of Service (DoS) which will invoke the `toString` function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine. | Affected by 0 other vulnerabilities. |
| VCID-pm8f-fw5s-kuf6 (Aliases: CVE-2022-43441, GHSA-jqv5-7xpx-qj74, GMS-2023-755) | sqlite vulnerable to code execution due to Object coercion. Due to the underlying implementation of `.ToString()`, it's possible to execute arbitrary JavaScript, or to achieve a denial-of-service, if a binding parameter is a crafted Object. Users of sqlite3 v5.0.0 - v5.1.4 are affected by this. | Affected by 0 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:44:15.657803+00:00 | GitLab Importer | Affected by | VCID-pm8f-fw5s-kuf6 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/sqlite3/GMS-2023-755.yml | 38.6.0 |
| 2026-06-02T04:42:09.428032+00:00 | GitLab Importer | Affected by | VCID-g65d-c2sw-w7gs | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/sqlite3/CVE-2022-21227.yml | 38.6.0 |