{"url":"http://public2.vulnerablecode.io/api/packages/14938?format=json","purl":"pkg:npm/sequelize@2.1.3","type":"npm","namespace":"","name":"sequelize","version":"2.1.3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"6.37.8","latest_non_vulnerable_version":"7.0.0-next.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/149902?format=json","vulnerability_id":"VCID-1vrt-1c8d-a7f8","summary":"Due to improper parameter filtering in the sequelize js library, an attacker can perform injection.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22579","reference_id":"","reference_type":"","scores":[{"value":"0.004","scoring_system":"epss","scoring_elements":"0.61151","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22579"},{"reference_url":"https://csirt.divd.nl/DIVD-2022-00020","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://csirt.divd.nl/DIVD-2022-00020"},{"reference_url":"https://github.com/sequelize/sequelize","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize"},{"reference_url":"https://github.com/sequelize/sequelize/discussions/15698","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/discussions/15698"},{"reference_url":"https://github.com/sequelize/sequelize/pu
ll/15375","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/pull/15375"},{"reference_url":"https://github.com/sequelize/sequelize/pull/15699","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/pull/15699"},{"reference_url":"https://github.com/sequelize/sequelize/releases/tag/v6.28.1","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/releases/tag/v6.28.1"},{"reference_url":"https://github.com/sequelize/sequelize/releases/tag/v7.0.0-alpha.20","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/releases/tag/v7.0.0-alpha.20"},{"reference_url":"https://github.com/sequelize/sequelize/security/advisories/GHSA-vqfx-gj96-3w95","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/security/advisories/GHSA-vqfx-gj96-3w95"},{"reference_url":"https://nvd.nist.gov/vuln/de
tail/CVE-2023-22579","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22579"},{"reference_url":"https://csirt.divd.nl/CVE-2023-22579","reference_id":"CVE-2023-22579","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-18T14:45:28Z/"}],"url":"https://csirt.divd.nl/CVE-2023-22579"},{"reference_url":"https://csirt.divd.nl/DIVD-2022-00020/","reference_id":"DIVD-2022-00020","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-18T14:45:28Z/"}],"url":"https://csirt.divd.nl/DIVD-2022-00020/"},{"reference_url":"https://github.com/advisories/GHSA-vqfx-gj96-3w95","reference_id":"GHSA-vqfx-gj96-3w95","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vqfx-gj96-3w95"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380382?format=json","purl":"pkg:npm/sequelize@6.28.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nggk-kexj-h3fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@6.28.1"},{"url":"http://public2.vulnerablecode.io/api/packages/614069?format=json","purl":"pkg:npm/sequelize@7.0.0-alpha.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/s
equelize@7.0.0-alpha.1"},{"url":"http://public2.vulnerablecode.io/api/packages/392969?format=json","purl":"pkg:npm/sequelize@7.0.0-next.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@7.0.0-next.1"}],"aliases":["CVE-2023-22579","GHSA-vqfx-gj96-3w95"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1vrt-1c8d-a7f8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361832?format=json","vulnerability_id":"VCID-29kb-jnkp-d3aa","summary":"Potential SQL Injection\nSequelize contains a potential SQL injection.","references":[{"reference_url":"https://github.com/sequelize/sequelize/blob/master/changelog.md#300","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/sequelize/sequelize/blob/master/changelog.md#300"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/14939?format=json","purl":"pkg:npm/sequelize@3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vrt-1c8d-a7f8"},{"vulnerability":"VCID-46gy-pvx2-juds"},{"vulnerability":"VCID-52ex-weu3-4kfa"},{"vulnerability":"VCID-9w1y-5mj4-k7ak"},{"vulnerability":"VCID-ezu8-tyrr-97h8"},{"vulnerability":"VCID-f2fe-3pwh-gqfm"},{"vulnerability":"VCID-fb24-gte1-eye2"},{"vulnerability":"VCID-hfs8-z16t-a3bk"},{"vulnerability":"VCID-j3y1-tes7-skgx"},{"vulnerability":"VCID-pvvd-pgxk-6fb8"},{"vulnerability":"VCID-qn7w-5asy-tqdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@3.0.0"}],"aliases":["GMS-2016-81"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-29kb-jnkp-d3aa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361824?format=json","vulnerability_id":"VCID-46gy-pvx2-juds","summary":"SQL Injection via LIMIT and ORDER\nIf user input goes into the 
`limit` or `order` parameters, a malicious user can put in their own SQL statements.","references":[{"reference_url":"https://github.com/sequelize/sequelize/pull/5167/commits/f282d85e60e3df5e57ecdb82adccb4eaef404f03","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/sequelize/sequelize/pull/5167/commits/f282d85e60e3df5e57ecdb82adccb4eaef404f03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/14940?format=json","purl":"pkg:npm/sequelize@3.17.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vrt-1c8d-a7f8"},{"vulnerability":"VCID-52ex-weu3-4kfa"},{"vulnerability":"VCID-9w1y-5mj4-k7ak"},{"vulnerability":"VCID-ezu8-tyrr-97h8"},{"vulnerability":"VCID-fb24-gte1-eye2"},{"vulnerability":"VCID-hfs8-z16t-a3bk"},{"vulnerability":"VCID-j3y1-tes7-skgx"},{"vulnerability":"VCID-pvvd-pgxk-6fb8"},{"vulnerability":"VCID-qn7w-5asy-tqdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@3.17.0"}],"aliases":["GMS-2016-76"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-46gy-pvx2-juds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203198?format=json","vulnerability_id":"VCID-52ex-weu3-4kfa","summary":"SQL Injection in 
sequelize","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10556","reference_id":"","reference_type":"","scores":[{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44739","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10556"},{"reference_url":"https://github.com/sequelize/sequelize/commit/23952a2b020cc3571f090e67dae7feb084e1be71","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/commit/23952a2b020cc3571f090e67dae7feb084e1be71"},{"reference_url":"https://github.com/sequelize/sequelize/commits/v3.20.0?after=62e4dacb28a779a190a3e042b971dcd8c7926e49+34&branch=v3.20.0&qualified_name=refs%2Ftags%2Fv3.20.0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/commits/v3.20.0?after=62e4dacb28a779a190a3e042b971dcd8c7926e49+34&branch=v3.20.0&qualified_name=refs%2Ftags%2Fv3.20.0"},{"reference_url":"https://github.com/sequelize/sequelize/issues/5671","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/issues/5671"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-10556","reference_id":"CVE-2016-10556","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements
":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-10556"},{"reference_url":"https://github.com/advisories/GHSA-9c2p-jw8p-f84v","reference_id":"GHSA-9c2p-jw8p-f84v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9c2p-jw8p-f84v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/14934?format=json","purl":"pkg:npm/sequelize@3.20.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vrt-1c8d-a7f8"},{"vulnerability":"VCID-9w1y-5mj4-k7ak"},{"vulnerability":"VCID-ezu8-tyrr-97h8"},{"vulnerability":"VCID-fb24-gte1-eye2"},{"vulnerability":"VCID-j3y1-tes7-skgx"},{"vulnerability":"VCID-pvvd-pgxk-6fb8"},{"vulnerability":"VCID-qn7w-5asy-tqdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@3.20.0"}],"aliases":["CVE-2016-10556","GHSA-9c2p-jw8p-f84v"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-52ex-weu3-4kfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361769?format=json","vulnerability_id":"VCID-9w1y-5mj4-k7ak","summary":"SQL Injection via GeoJSON\nSequelizeJS is vulnerable to SQL injection via GeoJSON documents containing a value with a single quote. 
This vulnerability affects PostgreSQL/PostGIS as well as MySQL.","references":[{"reference_url":"https://github.com/sequelize/sequelize/issues/6194","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/sequelize/sequelize/issues/6194"},{"reference_url":"https://github.com/sequelize/sequelize/pull/6302/commits/f93af43a1d86400487f5e3d9762f1a4b7cf6b1e1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/sequelize/sequelize/pull/6302/commits/f93af43a1d86400487f5e3d9762f1a4b7cf6b1e1"},{"reference_url":"https://github.com/sequelize/sequelize/pull/6303/commits/a81ac1f38476d553c92d522913e91c6e07acc4fa","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/sequelize/sequelize/pull/6303/commits/a81ac1f38476d553c92d522913e91c6e07acc4fa"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/388668?format=json","purl":"pkg:npm/sequelize@3.23.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vrt-1c8d-a7f8"},{"vulnerability":"VCID-ezu8-tyrr-97h8"},{"vulnerability":"VCID-fb24-gte1-eye2"},{"vulnerability":"VCID-j3y1-tes7-skgx"},{"vulnerability":"VCID-pvvd-pgxk-6fb8"},{"vulnerability":"VCID-qn7w-5asy-tqdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@3.23.5"},{"url":"http://public2.vulnerablecode.io/api/packages/408757?format=json","purl":"pkg:npm/sequelize@4.0.0-0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vrt-1c8d-a7f8"},{"vulnerability":"VCID-ezu8-tyrr-97h8"},{"vulnerability":"VCID-pvvd-pgxk-6fb8"},{"vulnerability":"VCID-qn7w-5asy-tqdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@4.0.0-0"}],"aliases":["GMS-2016-41"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9w1y-5mj4-k7ak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/149464?format=json","vulnerability_id":"V
CID-ezu8-tyrr-97h8","summary":"Due to improper input filtering in the sequelize js library, malicious queries can lead to sensitive information disclosure.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22580","reference_id":"","reference_type":"","scores":[{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52379","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22580"},{"reference_url":"https://csirt.divd.nl/DIVD-2022-00020","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://csirt.divd.nl/DIVD-2022-00020"},{"reference_url":"https://github.com/sequelize/sequelize","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize"},{"reference_url":"https://github.com/sequelize/sequelize/pull/15375","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/pull/15375"},{"reference_url":"https://github.com/sequelize/sequelize/pull/15699","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/pull/15699"},{"reference_url":"https://github.com/sequelize/sequelize/releases/tag/v6.28.1","reference_id":"","reference_type":"","s
cores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/releases/tag/v6.28.1"},{"reference_url":"https://github.com/sequelize/sequelize/releases/tag/v7.0.0-alpha.20","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/releases/tag/v7.0.0-alpha.20"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22580","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22580"},{"reference_url":"https://csirt.divd.nl/CVE-2023-22580","reference_id":"CVE-2023-22580","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T14:49:39Z/"}],"url":"https://csirt.divd.nl/CVE-2023-22580"},{"reference_url":"https://csirt.divd.nl/DIVD-2022-00020/","reference_id":"DIVD-2022-00020","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T14:49:39Z/"}],"url":"https://csirt.divd.nl/DIVD-2022-00020/"},{"reference_url":"https://github.com/advisories/GHSA-8c25-f3mj-v6h8","reference_id":"GHSA-8c25-f3mj
-v6h8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8c25-f3mj-v6h8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380382?format=json","purl":"pkg:npm/sequelize@6.28.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nggk-kexj-h3fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@6.28.1"},{"url":"http://public2.vulnerablecode.io/api/packages/614069?format=json","purl":"pkg:npm/sequelize@7.0.0-alpha.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@7.0.0-alpha.1"},{"url":"http://public2.vulnerablecode.io/api/packages/392969?format=json","purl":"pkg:npm/sequelize@7.0.0-next.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@7.0.0-next.1"}],"aliases":["CVE-2023-22580","GHSA-8c25-f3mj-v6h8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ezu8-tyrr-97h8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203205?format=json","vulnerability_id":"VCID-f2fe-3pwh-gqfm","summary":"SQL Injection in 
sequelize","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10550","reference_id":"","reference_type":"","scores":[{"value":"0.00486","scoring_system":"epss","scoring_elements":"0.65851","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10550"},{"reference_url":"https://github.com/sequelize/sequelize/pull/5167/commits/f282d85e60e3df5e57ecdb82adccb4eaef404f03","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/pull/5167/commits/f282d85e60e3df5e57ecdb82adccb4eaef404f03"},{"reference_url":"https://nodesecurity.io/advisories/112","reference_id":"","reference_type":"","scores":[],"url":"https://nodesecurity.io/advisories/112"},{"reference_url":"https://www.npmjs.com/advisories/112","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/112"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-10550","reference_id":"CVE-2016-10550","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-10550"},{"reference_url":"https://github.com/advisories/GHSA-98pq-pmw9-4gpm","reference_id":"GHSA-98pq-pmw9-4gpm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-98pq-pmw9-4gpm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/14940?format=json","purl":"pkg:npm/sequelize@3.17.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vrt-1c8d-a7f8"},{"vulnerability":"VCID-52ex-weu3-4kfa"},{"vulnerability":"VCID-9w1y-5mj4-k7ak"},{"vulnerability":"VCID-ezu8-tyrr-97h8"},{"vulnerabil
ity":"VCID-fb24-gte1-eye2"},{"vulnerability":"VCID-hfs8-z16t-a3bk"},{"vulnerability":"VCID-j3y1-tes7-skgx"},{"vulnerability":"VCID-pvvd-pgxk-6fb8"},{"vulnerability":"VCID-qn7w-5asy-tqdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@3.17.0"}],"aliases":["CVE-2016-10550","GHSA-98pq-pmw9-4gpm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f2fe-3pwh-gqfm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204194?format=json","vulnerability_id":"VCID-fb24-gte1-eye2","summary":"SQL Injection in sequelize","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10749","reference_id":"","reference_type":"","scores":[{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.58376","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10749"},{"reference_url":"https://github.com/sequelize/sequelize/commit/ee4017379db0059566ecb5424274ad4e2d66bc68","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/commit/ee4017379db0059566ecb5424274ad4e2d66bc68"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450222","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450222"},{"reference_url":"https://www.npmjs.com/advisories/1017","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"ge
neric_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/1017"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10749","reference_id":"CVE-2019-10749","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10749"},{"reference_url":"https://github.com/advisories/GHSA-2598-2f59-rmhq","reference_id":"GHSA-2598-2f59-rmhq","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2598-2f59-rmhq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/15692?format=json","purl":"pkg:npm/sequelize@3.35.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vrt-1c8d-a7f8"},{"vulnerability":"VCID-ezu8-tyrr-97h8"},{"vulnerability":"VCID-pvvd-pgxk-6fb8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@3.35.1"}],"aliases":["CVE-2019-10749","GHSA-2598-2f59-rmhq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fb24-gte1-eye2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361827?format=json","vulnerability_id":"VCID-hfs8-z16t-a3bk","summary":"Improper Escaping of Bound Arrays\nIn Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly 
escaped.","references":[{"reference_url":"https://github.com/sequelize/sequelize/issues/5671","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/sequelize/sequelize/issues/5671"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/14934?format=json","purl":"pkg:npm/sequelize@3.20.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vrt-1c8d-a7f8"},{"vulnerability":"VCID-9w1y-5mj4-k7ak"},{"vulnerability":"VCID-ezu8-tyrr-97h8"},{"vulnerability":"VCID-fb24-gte1-eye2"},{"vulnerability":"VCID-j3y1-tes7-skgx"},{"vulnerability":"VCID-pvvd-pgxk-6fb8"},{"vulnerability":"VCID-qn7w-5asy-tqdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@3.20.0"}],"aliases":["GMS-2016-78"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hfs8-z16t-a3bk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/129236?format=json","vulnerability_id":"VCID-pvvd-pgxk-6fb8","summary":"Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL injection exploit exists related to replacements. Parameters which are passed through replacements are not properly escaped which can lead to arbitrary SQL injection depending on the specific queries in use. The issue has been fixed in Sequelize 6.19.1. Users are advised to upgrade. 
Users unable to upgrade should not use the `replacements` and the `where` option in the same query.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25813","reference_id":"","reference_type":"","scores":[{"value":"0.03518","scoring_system":"epss","scoring_elements":"0.87914","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25813"},{"reference_url":"https://github.com/sequelize/sequelize","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25813","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25813"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JS-SEQUELIZE-2932027","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.snyk.io/vuln/SNYK-JS-SEQUELIZE-2932027"},{"reference_url":"https://github.com/sequelize/sequelize/issues/14519","reference_id":"14519","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:
M/B:A/M:M/D:R/2025-03-10T21:02:23Z/"}],"url":"https://github.com/sequelize/sequelize/issues/14519"},{"reference_url":"https://github.com/sequelize/sequelize/commit/ccaa3996047fe00048d5993ab2dd43ebadd4f78b","reference_id":"ccaa3996047fe00048d5993ab2dd43ebadd4f78b","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-10T21:02:23Z/"}],"url":"https://github.com/sequelize/sequelize/commit/ccaa3996047fe00048d5993ab2dd43ebadd4f78b"},{"reference_url":"https://github.com/advisories/GHSA-wrh9-cjv3-2hpw","reference_id":"GHSA-wrh9-cjv3-2hpw","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wrh9-cjv3-2hpw"},{"reference_url":"https://github.com/sequelize/sequelize/security/advisories/GHSA-wrh9-cjv3-2hpw","reference_id":"GHSA-wrh9-cjv3-2hpw","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-10T21:02:23Z/"}],"url":"https://github.com/sequelize/sequelize/security/advisories/GHSA-wrh9-cjv3-2hpw"},{"reference_url":"https://github.com/sequelize/sequelize/releases/tag/v6.19.1","reference_id":"v6.19.1","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.
1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-10T21:02:23Z/"}],"url":"https://github.com/sequelize/sequelize/releases/tag/v6.19.1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380496?format=json","purl":"pkg:npm/sequelize@6.19.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vrt-1c8d-a7f8"},{"vulnerability":"VCID-ezu8-tyrr-97h8"},{"vulnerability":"VCID-nggk-kexj-h3fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@6.19.1"}],"aliases":["CVE-2023-25813","GHSA-wrh9-cjv3-2hpw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pvvd-pgxk-6fb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203707?format=json","vulnerability_id":"VCID-qn7w-5asy-tqdh","summary":"NoSQL Injection in 
sequelize","references":[{"reference_url":"https://github.com/sequelize/sequelize","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize"},{"reference_url":"https://github.com/sequelize/sequelize/commit/ccb99daedb69e8750a241436415ccac8abef358d","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/commit/ccb99daedb69e8750a241436415ccac8abef358d"},{"reference_url":"https://github.com/sequelize/sequelize/issues/7310","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/issues/7310"},{"reference_url":"https://github.com/sequelize/sequelize/pull/8240","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/pull/8240"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-SEQUELIZE-174147","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-SEQUELIZE-174147"},{"reference_url":"https://www.npmjs.com/advisories/820","reference_id":"","reference_type":"","scores":[],"url":"https://www.npmjs.com/advisories/820"},{"reference_url":"https://www.npmjs.com/advisories/820/versions","reference_id":"","reference_type":"","scores":[],"url":"https://www.npmjs.com/advisories/820/versions"},{"reference_url":"https://github.com/advisories/GHSA-wfp9-vr4j-f49j","reference_id":"GHSA-wfp9-vr4j-f49j","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wfp9-vr4j-f49j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/15335?format=js
on","purl":"pkg:npm/sequelize@4.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vrt-1c8d-a7f8"},{"vulnerability":"VCID-ezu8-tyrr-97h8"},{"vulnerability":"VCID-j3y1-tes7-skgx"},{"vulnerability":"VCID-pvvd-pgxk-6fb8"},{"vulnerability":"VCID-yhkc-r66a-e7bk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@4.12.0"}],"aliases":["GHSA-wfp9-vr4j-f49j","GMS-2019-139"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qn7w-5asy-tqdh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203203?format=json","vulnerability_id":"VCID-y48d-db6q-dqa5","summary":"Potential SQL Injection in sequelize","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10553","reference_id":"","reference_type":"","scores":[{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.5039","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10553"},{"reference_url":"https://github.com/sequelize/sequelize/blob/master/changelog.md#300","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/blob/master/changelog.md#300"},{"reference_url":"https://nodesecurity.io/advisories/109","reference_id":"","reference_type":"","scores":[],"url":"https://nodesecurity.io/advisories/109"},{"reference_url":"https://www.npmjs.com/advisories/109","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/109"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-10553","reference_id":"CVE-2016-10553","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-10553"},{"reference_u
rl":"https://github.com/advisories/GHSA-2v7q-2xqx-f4q5","reference_id":"GHSA-2v7q-2xqx-f4q5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2v7q-2xqx-f4q5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/14939?format=json","purl":"pkg:npm/sequelize@3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vrt-1c8d-a7f8"},{"vulnerability":"VCID-46gy-pvx2-juds"},{"vulnerability":"VCID-52ex-weu3-4kfa"},{"vulnerability":"VCID-9w1y-5mj4-k7ak"},{"vulnerability":"VCID-ezu8-tyrr-97h8"},{"vulnerability":"VCID-f2fe-3pwh-gqfm"},{"vulnerability":"VCID-fb24-gte1-eye2"},{"vulnerability":"VCID-hfs8-z16t-a3bk"},{"vulnerability":"VCID-j3y1-tes7-skgx"},{"vulnerability":"VCID-pvvd-pgxk-6fb8"},{"vulnerability":"VCID-qn7w-5asy-tqdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@3.0.0"}],"aliases":["CVE-2016-10553","GHSA-2v7q-2xqx-f4q5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y48d-db6q-dqa5"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@2.1.3"}