{"url":"http://public2.vulnerablecode.io/api/packages/205014?format=json","purl":"pkg:npm/sequelize@3.23.4","type":"npm","namespace":"","name":"sequelize","version":"3.23.4","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"6.37.8","latest_non_vulnerable_version":"7.0.0-next.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44469?format=json","vulnerability_id":"VCID-3ugq-njms-xkgd","summary":"Unsafe fall-through in getWhereConditions\nDue to improper parameter filtering in the sequelize js library, an attacker can perform injection.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22579","reference_id":"","reference_type":"","scores":[{"value":"0.004","scoring_system":"epss","scoring_elements":"0.61085","published_at":"2026-06-05T12:55:00Z"},{"value":"0.004","scoring_system":"epss","scoring_elements":"0.61082","published_at":"2026-06-09T12:55:00Z"},{"value":"0.004","scoring_system":"epss","scoring_elements":"0.61063","published_at":"2026-06-08T12:55:00Z"},{"value":"0.004","scoring_system":"epss","scoring_elements":"0.61081","published_at":"2026-06-07T12:55:00Z"},{"value":"0.004","scoring_system":"epss","scoring_elements":"0.61036","published_at":"2026-06-04T12:55:00Z"},{"value":"0.004","scoring_system":"epss","scoring_elements":"0.61092","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22579"},{"reference_url":"https://csirt.divd.nl/DIVD-2022-00020","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://csirt.divd.nl/DIVD-2022-00020"},{"reference_url":"https://csirt.divd.nl/DIVD-2022-00020/","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:
L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-18T14:45:28Z/"}],"url":"https://csirt.divd.nl/DIVD-2022-00020/"},{"reference_url":"https://github.com/sequelize/sequelize","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize"},{"reference_url":"https://github.com/sequelize/sequelize/discussions/15698","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/discussions/15698"},{"reference_url":"https://github.com/sequelize/sequelize/pull/15375","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/pull/15375"},{"reference_url":"https://github.com/sequelize/sequelize/pull/15699","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/pull/15699"},{"reference_url":"https://github.com/sequelize/sequelize/releases/tag/v6.28.1","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/se
quelize/releases/tag/v6.28.1"},{"reference_url":"https://github.com/sequelize/sequelize/releases/tag/v7.0.0-alpha.20","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/releases/tag/v7.0.0-alpha.20"},{"reference_url":"https://csirt.divd.nl/CVE-2023-22579","reference_id":"CVE-2023-22579","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-18T14:45:28Z/"}],"url":"https://csirt.divd.nl/CVE-2023-22579"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22579","reference_id":"CVE-2023-22579","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22579"},{"reference_url":"https://github.com/advisories/GHSA-vqfx-gj96-3w95","reference_id":"GHSA-vqfx-gj96-3w95","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vqfx-gj96-3w95"},{"reference_url":"https://github.com/sequelize/sequelize/security/advisories/GHSA-vqfx-gj96-3w95","reference_id":"GHSA-vqfx-gj96-3w95","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.
com/sequelize/sequelize/security/advisories/GHSA-vqfx-gj96-3w95"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63970?format=json","purl":"pkg:npm/sequelize@6.28.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xn4n-x26m-5qdx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@6.28.1"},{"url":"http://public2.vulnerablecode.io/api/packages/637922?format=json","purl":"pkg:npm/sequelize@7.0.0-alpha.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@7.0.0-alpha.1"},{"url":"http://public2.vulnerablecode.io/api/packages/63971?format=json","purl":"pkg:npm/sequelize@7.0.0-next.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@7.0.0-next.1"}],"aliases":["CVE-2023-22579","GHSA-vqfx-gj96-3w95"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ugq-njms-xkgd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44475?format=json","vulnerability_id":"VCID-gzz4-8wz6-f3f9","summary":"Sequelize information disclosure vulnerability\nDue to improper input filtering in the sequelize js library, malicious queries can lead to sensitive information 
disclosure.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22580","reference_id":"","reference_type":"","scores":[{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52338","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.5231","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52289","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52318","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52271","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52331","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22580"},{"reference_url":"https://csirt.divd.nl/DIVD-2022-00020","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://csirt.divd.nl/DIVD-2022-00020"},{"reference_url":"https://csirt.divd.nl/DIVD-2022-00020/","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T14:49:39Z/"}],"url":"https://csirt.divd.nl/DIVD-2022-00020/"},{"reference_url":"https://github.com/sequelize/sequelize","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize"},{"reference_url":"https://github.com/sequelize/sequeli
ze/pull/15375","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/pull/15375"},{"reference_url":"https://github.com/sequelize/sequelize/pull/15699","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/pull/15699"},{"reference_url":"https://github.com/sequelize/sequelize/releases/tag/v6.28.1","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/releases/tag/v6.28.1"},{"reference_url":"https://github.com/sequelize/sequelize/releases/tag/v7.0.0-alpha.20","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/releases/tag/v7.0.0-alpha.20"},{"reference_url":"https://csirt.divd.nl/CVE-2023-22580","reference_id":"CVE-2023-22580","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T14:49:39Z/"}],"url":"https://csirt.divd.nl/CVE-2023-22580"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22580
","reference_id":"CVE-2023-22580","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22580"},{"reference_url":"https://github.com/advisories/GHSA-8c25-f3mj-v6h8","reference_id":"GHSA-8c25-f3mj-v6h8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8c25-f3mj-v6h8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63970?format=json","purl":"pkg:npm/sequelize@6.28.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xn4n-x26m-5qdx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@6.28.1"},{"url":"http://public2.vulnerablecode.io/api/packages/637922?format=json","purl":"pkg:npm/sequelize@7.0.0-alpha.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@7.0.0-alpha.1"},{"url":"http://public2.vulnerablecode.io/api/packages/63971?format=json","purl":"pkg:npm/sequelize@7.0.0-next.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@7.0.0-next.1"}],"aliases":["CVE-2023-22580","GHSA-8c25-f3mj-v6h8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gzz4-8wz6-f3f9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51965?format=json","vulnerability_id":"VCID-hrt8-8z9v-euh8","summary":"Sequelize all versions prior are vulnerable to SQL Injection due to JSON path keys not being properly escaped for the MySQL/MariaDB 
dialects.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10748","reference_id":"","reference_type":"","scores":[{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62795","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62781","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62752","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62796","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62805","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10748"},{"reference_url":"https://github.com/sequelize/sequelize/commit/a72a3f5,","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/commit/a72a3f5,"},{"reference_url":"https://github.com/sequelize/sequelize/pull/11089,","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/pull/11089,"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450221","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450221"},{"reference_url":"https://www.npmjs.com/advisories/1018","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system"
:"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/1018"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10748","reference_id":"CVE-2019-10748","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10748"},{"reference_url":"https://github.com/advisories/GHSA-j9xp-92vc-559j","reference_id":"GHSA-j9xp-92vc-559j","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j9xp-92vc-559j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76121?format=json","purl":"pkg:npm/sequelize@3.35.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ugq-njms-xkgd"},{"vulnerability":"VCID-gzz4-8wz6-f3f9"},{"vulnerability":"VCID-uuy7-v2qy-yfhv"},{"vulnerability":"VCID-zk15-66xk-2ydf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@3.35.1"},{"url":"http://public2.vulnerablecode.io/api/packages/76081?format=json","purl":"pkg:npm/sequelize@4.44.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ugq-njms-xkgd"},{"vulnerability":"VCID-gzz4-8wz6-f3f9"},{"vulnerability":"VCID-uuy7-v2qy-yfhv"},{"vulnerability":"VCID-zk15-66xk-2ydf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@4.44.3"},{"url":"http://public2.vulnerablecode.io/api/packages/76120?format=json","purl":"pkg:npm/sequelize@5.8.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ugq-njms-xkgd"},{"vulnerability":"VCID-gzz4-8wz6-f3f9"},{"vulnerability":"VCID-hnqn-f4z6-m7gf"},{"vulnerability":"VCID-hrt8-8z9v-euh8"},{"
vulnerability":"VCID-zk15-66xk-2ydf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@5.8.11"},{"url":"http://public2.vulnerablecode.io/api/packages/76122?format=json","purl":"pkg:npm/sequelize@5.8.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ugq-njms-xkgd"},{"vulnerability":"VCID-gzz4-8wz6-f3f9"},{"vulnerability":"VCID-hnqn-f4z6-m7gf"},{"vulnerability":"VCID-zk15-66xk-2ydf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@5.8.12"}],"aliases":["CVE-2019-10748","GHSA-j9xp-92vc-559j"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hrt8-8z9v-euh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38161?format=json","vulnerability_id":"VCID-qraw-us96-3qej","summary":"SQL Injection via GeoJSON\nSequelizeJS is vulnerable to SQL injection via GeoJSON documents containing a value with a single quote. This vulnerability affects postgresql/postgis as well as 
MySQL.","references":[{"reference_url":"https://github.com/sequelize/sequelize/issues/6194","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/sequelize/sequelize/issues/6194"},{"reference_url":"https://github.com/sequelize/sequelize/pull/6302/commits/f93af43a1d86400487f5e3d9762f1a4b7cf6b1e1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/sequelize/sequelize/pull/6302/commits/f93af43a1d86400487f5e3d9762f1a4b7cf6b1e1"},{"reference_url":"https://github.com/sequelize/sequelize/pull/6303/commits/a81ac1f38476d553c92d522913e91c6e07acc4fa","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/sequelize/sequelize/pull/6303/commits/a81ac1f38476d553c92d522913e91c6e07acc4fa"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52835?format=json","purl":"pkg:npm/sequelize@3.23.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ugq-njms-xkgd"},{"vulnerability":"VCID-gzz4-8wz6-f3f9"},{"vulnerability":"VCID-hrt8-8z9v-euh8"},{"vulnerability":"VCID-tccv-wk5y-jkde"},{"vulnerability":"VCID-tufw-g33p-qqds"},{"vulnerability":"VCID-uuy7-v2qy-yfhv"},{"vulnerability":"VCID-v4z6-u42c-ukbh"},{"vulnerability":"VCID-zk15-66xk-2ydf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@3.23.5"},{"url":"http://public2.vulnerablecode.io/api/packages/205015?format=json","purl":"pkg:npm/sequelize@4.0.0-0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ugq-njms-xkgd"},{"vulnerability":"VCID-gzz4-8wz6-f3f9"},{"vulnerability":"VCID-tccv-wk5y-jkde"},{"vulnerability":"VCID-uuy7-v2qy-yfhv"},{"vulnerability":"VCID-zk15-66xk-2ydf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@4.0.0-0"}],"aliases":["GMS-2016-41"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qraw-us96-3qej"},{"url":"http://public2.vulnerablecode
.io/api/vulnerabilities/41035?format=json","vulnerability_id":"VCID-tccv-wk5y-jkde","summary":"NoSQL Injection in sequelize\nVersions of `sequelize` prior to 4.12.0 are vulnerable to NoSQL Injection. Query operators such as `$gt` are not properly sanitized and may allow an attacker to alter data queries, leading to NoSQL Injection.\n\n\n## Recommendation\n\nUpgrade to version 4.12.0 or later","references":[{"reference_url":"https://github.com/sequelize/sequelize","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize"},{"reference_url":"https://github.com/sequelize/sequelize/commit/ccb99daedb69e8750a241436415ccac8abef358d","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/commit/ccb99daedb69e8750a241436415ccac8abef358d"},{"reference_url":"https://github.com/sequelize/sequelize/issues/7310","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/issues/7310"},{"reference_url":"https://github.com/sequelize/sequelize/pull/8240","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/pull/8240"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-SEQUELIZE-174147","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-SEQUELIZE-174147"},{"reference_url":"https://www.npmjs.com/advisories/820","reference_id":"","reference_type":"","scores":[],"url":"https://www.npmjs.com/advisories/820"},{"reference_url":"https://www.npmjs.com/advisories/820/versions","reference_id":"","reference_type":"","scores":[],"url":"https://www.npmjs
.com/advisories/820/versions"},{"reference_url":"https://github.com/advisories/GHSA-wfp9-vr4j-f49j","reference_id":"GHSA-wfp9-vr4j-f49j","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wfp9-vr4j-f49j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58139?format=json","purl":"pkg:npm/sequelize@4.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ugq-njms-xkgd"},{"vulnerability":"VCID-gzz4-8wz6-f3f9"},{"vulnerability":"VCID-hnqn-f4z6-m7gf"},{"vulnerability":"VCID-hrt8-8z9v-euh8"},{"vulnerability":"VCID-uuy7-v2qy-yfhv"},{"vulnerability":"VCID-zk15-66xk-2ydf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@4.12.0"}],"aliases":["GHSA-wfp9-vr4j-f49j","GMS-2019-139"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tccv-wk5y-jkde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30535?format=json","vulnerability_id":"VCID-tufw-g33p-qqds","summary":"SQL Injection via GeoJSON\nSequelizeJS 3.23.4 is vulnerable to SQL injection via GeoJSON documents containing a value with a single quote.  This vulnerability affects postgresql/postgis as well as MySQL. This vulnerability only exists within GeoJSON documents using the function `ST_GeomFromGeoJSON` for postgresql/postgis and the function `GeomFromText` for mysql. SequelizeJS's `geometry` datatype is vulnerable.  If you have SequelizeJS models with a field that has a datatype of 'Geometry' and run a mysql or postgresql/postgis backend, your application is vulnerable\n\nSequelizeJS is a popular ORM (Object Relational Mapper) for node.  
\n\nGeoJSON is a format for encoding a variety of geographic data structures.","references":[{"reference_url":"http://docs.sequelizejs.com/en/latest/api/datatypes/#geometry","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":""}],"url":"http://docs.sequelizejs.com/en/latest/api/datatypes/#geometry"},{"reference_url":"http://geojson.org/","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":""}],"url":"http://geojson.org/"},{"reference_url":"https://github.com/sequelize/sequelize","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize"},{"reference_url":"https://github.com/sequelize/sequelize/commit/14e3deaf3ad27f12900e5275db1d448844c9de3e","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/commit/14e3deaf3ad27f12900e5275db1d448844c9de3e"},{"reference_url":"https://github.com/sequelize/sequelize/commit/18ac91040d9c57351d26ba998f460e214255b704","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/commit/18ac91040d9c57351d26ba998f460e214255b704"},{"reference_url":"https://github.com/sequelize/sequelize/commit/562d52585902090f4e53eb21c61314098c29d795","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N
/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/commit/562d52585902090f4e53eb21c61314098c29d795"},{"reference_url":"https://github.com/sequelize/sequelize/commit/f93af43a1d86400487f5e3d9762f1a4b7cf6b1e1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/commit/f93af43a1d86400487f5e3d9762f1a4b7cf6b1e1"},{"reference_url":"https://github.com/sequelize/sequelize/issues/6194","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/issues/6194"},{"reference_url":"https://github.com/sequelize/sequelize/pull/6302","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/pull/6302"},{"reference_url":"https://github.com/sequelize/sequelize/pull/6306","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/pull/6306"},{"reference_url":"https://snyk.io/vuln/npm:sequelize:20160718","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:
U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/npm:sequelize:20160718"},{"reference_url":"https://www.npmjs.com/advisories/122","reference_id":"","reference_type":"","scores":[],"url":"https://www.npmjs.com/advisories/122"},{"reference_url":"https://github.com/nodejs/security-wg/blob/main/vuln/npm/122.json","reference_id":"122","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://github.com/nodejs/security-wg/blob/main/vuln/npm/122.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1000225","reference_id":"CVE-2016-1000225","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1000225"},{"reference_url":"https://github.com/advisories/GHSA-5v9h-q3gj-c32x","reference_id":"GHSA-5v9h-q3gj-c32x","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5v9h-q3gj-c32x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6575?format=json","purl":"pkg:npm/sequelize@3.23.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ugq-njms-xkgd"},{"vulnerability":"VCID-gzz4-8wz6-f3f9"},{"vulnerability":"VCID-hrt8-8z9v-euh8"},{"vulnerability":"VCID-tccv-wk5y-jkde"},{"vulnerability":"VCID-uuy7-v2qy-yfhv"},{"vulnerability":"VCID-v4z6-u42c-ukbh"},{"vulnerability":"VCID-zk15-66xk-2ydf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@3.23.6"}],"aliases":["CVE-2016-1000225","GHSA-5v9h-q3gj-c32x","GMS-2020-770"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tufw-g33p-qqds"},{"url":"
http://public2.vulnerablecode.io/api/vulnerabilities/53184?format=json","vulnerability_id":"VCID-uuy7-v2qy-yfhv","summary":"Denial of Service in sequelize\nVersions of `sequelize` prior to 4.44.4 are vulnerable to Denial of Service (DoS). The SQLite dialect fails to catch a `TypeError` exception for the `results` variable. The `results` value may be undefined and trigger the error on a `.map` call. This may allow attackers to submit malicious input that forces the exception and crashes the Node process.  \n\nThe following proof-of-concept crashes the Node process:  \n```\nconst Sequelize = require('sequelize');\n\nconst sequelize = new Sequelize({\n\tdialect: 'sqlite',\n\tstorage: 'database.sqlite'\n});\n\nconst TypeError = sequelize.define('TypeError', {\n\tname: Sequelize.STRING,\n});\n\nTypeError.sync({force: true}).then(() => {\n\treturn TypeError.create({name: \"SELECT tbl_name FROM sqlite_master\"});\n});\n```\n\n\n## Recommendation\n\nUpgrade to version 4.44.4 or later.","references":[{"reference_url":"https://github.com/sequelize/sequelize/pull/11877","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/pull/11877"},{"reference_url":"https://www.npmjs.com/advisories/1142","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/1142"},{"reference_url":"https://github.com/advisories/GHSA-fw4p-36j9-rrj3","reference_id":"GHSA-fw4p-36j9-rrj3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fw4p-36j9-rrj3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/78218?format=json","purl":"pkg:npm/sequelize@4.44.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ugq-njms-xkgd"},{"vulnerability":"V
CID-gzz4-8wz6-f3f9"},{"vulnerability":"VCID-zk15-66xk-2ydf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@4.44.4"}],"aliases":["GHSA-fw4p-36j9-rrj3","GMS-2020-771"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uuy7-v2qy-yfhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51967?format=json","vulnerability_id":"VCID-v4z6-u42c-ukbh","summary":"sequelize allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10749","reference_id":"","reference_type":"","scores":[{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.58258","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.58308","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.58304","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.58315","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.58307","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.58289","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10749"},{"reference_url":"https://github.com/sequelize/sequelize/commit/ee4017379db0059566ecb5424274ad4e2d66bc68","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/commit/ee4017379db0059566ecb5424274ad4e2d66bc68"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450222","reference_id"
:"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450222"},{"reference_url":"https://www.npmjs.com/advisories/1017","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/1017"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10749","reference_id":"CVE-2019-10749","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10749"},{"reference_url":"https://github.com/advisories/GHSA-2598-2f59-rmhq","reference_id":"GHSA-2598-2f59-rmhq","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2598-2f59-rmhq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76121?format=json","purl":"pkg:npm/sequelize@3.35.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ugq-njms-xkgd"},{"vulnerability":"VCID-gzz4-8wz6-f3f9"},{"vulnerability":"VCID-uuy7-v2qy-yfhv"},{"vulnerability":"VCID-zk15-66xk-2ydf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@3.35.1"}],"aliases":["CVE-2019-10749","GHSA-2598-2f59-rmhq"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v4z6-u42c-ukbh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44506?format=json","vulnerability_id":"VCID-zk
15-66xk-2ydf","summary":"Sequelize vulnerable to SQL Injection via replacements\nSequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL injection exploit exists related to replacements. Parameters which are passed through replacements are not properly escaped which can lead to arbitrary SQL injection depending on the specific queries in use. The issue has been fixed in Sequelize 6.19.1. Users are advised to upgrade. Users unable to upgrade should not use the `replacements` and the `where` option in the same query.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25813","reference_id":"","reference_type":"","scores":[{"value":"0.03518","scoring_system":"epss","scoring_elements":"0.87891","published_at":"2026-06-09T12:55:00Z"},{"value":"0.03518","scoring_system":"epss","scoring_elements":"0.87853","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03518","scoring_system":"epss","scoring_elements":"0.87875","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03518","scoring_system":"epss","scoring_elements":"0.87877","published_at":"2026-06-07T12:55:00Z"},{"value":"0.03518","scoring_system":"epss","scoring_elements":"0.87879","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25813"},{"reference_url":"https://github.com/sequelize/sequelize","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize"},{"reference_url":"https://github.com/sequelize/sequelize/commit/ccaa3996047fe00048d5993ab2dd43ebadd4f78b","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A
:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-10T21:02:23Z/"}],"url":"https://github.com/sequelize/sequelize/commit/ccaa3996047fe00048d5993ab2dd43ebadd4f78b"},{"reference_url":"https://github.com/sequelize/sequelize/issues/14519","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-10T21:02:23Z/"}],"url":"https://github.com/sequelize/sequelize/issues/14519"},{"reference_url":"https://github.com/sequelize/sequelize/releases/tag/v6.19.1","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-10T21:02:23Z/"}],"url":"https://github.com/sequelize/sequelize/releases/tag/v6.19.1"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JS-SEQUELIZE-2932027","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.snyk.io/vuln/SNYK-JS-SEQUELIZE-2932027"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25813","reference_id":"CVE-2023-25813","refer
ence_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25813"},{"reference_url":"https://github.com/advisories/GHSA-wrh9-cjv3-2hpw","reference_id":"GHSA-wrh9-cjv3-2hpw","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wrh9-cjv3-2hpw"},{"reference_url":"https://github.com/sequelize/sequelize/security/advisories/GHSA-wrh9-cjv3-2hpw","reference_id":"GHSA-wrh9-cjv3-2hpw","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-10T21:02:23Z/"}],"url":"https://github.com/sequelize/sequelize/security/advisories/GHSA-wrh9-cjv3-2hpw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64029?format=json","purl":"pkg:npm/sequelize@6.19.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ugq-njms-xkgd"},{"vulnerability":"VCID-gzz4-8wz6-f3f9"},{"vulnerability":"VCID-xn4n-x26m-5qdx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@6.19.1"}],"aliases":["CVE-2023-25813","GHSA-wrh9-cjv3-2hpw"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zk15-66xk-2ydf"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize
@3.23.4"}