Lookup for vulnerable packages by Package URL.

Purl pkg:npm/typeorm@0.0.2-alpha.69
Type npm
Namespace
Name typeorm
Version 0.0.2-alpha.69
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 0.3.26
Latest_non_vulnerable_version 0.3.26
Affected_by_vulnerabilities
0
url VCID-53hy-4nmr-mqgu
vulnerability_id VCID-53hy-4nmr-mqgu
summary
SQL Injection
Prototype pollution vulnerability in the TypeORM package may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8158
reference_id
reference_type
scores
0
value 0.00284
scoring_system epss
scoring_elements 0.5203
published_at 2026-06-09T12:55:00Z
1
value 0.00284
scoring_system epss
scoring_elements 0.51993
published_at 2026-06-04T12:55:00Z
2
value 0.00284
scoring_system epss
scoring_elements 0.52054
published_at 2026-06-05T12:55:00Z
3
value 0.00284
scoring_system epss
scoring_elements 0.52063
published_at 2026-06-06T12:55:00Z
4
value 0.00284
scoring_system epss
scoring_elements 0.52042
published_at 2026-06-07T12:55:00Z
5
value 0.00284
scoring_system epss
scoring_elements 0.52011
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8158
1
reference_url https://hackerone.com/reports/869574
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/869574
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8158
reference_id CVE-2020-8158
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8158
3
reference_url https://github.com/advisories/GHSA-pf2j-9qmp-jqr2
reference_id GHSA-pf2j-9qmp-jqr2
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pf2j-9qmp-jqr2
fixed_packages
0
url pkg:npm/typeorm@0.2.25
purl pkg:npm/typeorm@0.2.25
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dmg2-qbj8-yyhw
1
vulnerability VCID-g39n-m58j-d7h7
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/typeorm@0.2.25
aliases CVE-2020-8158, GHSA-pf2j-9qmp-jqr2
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-53hy-4nmr-mqgu
1
url VCID-ap94-g3tj-4yf3
vulnerability_id VCID-ap94-g3tj-4yf3
summary
SQL Injection in typeorm
Versions of `typeorm` before 0.1.15 are vulnerable to SQL Injection. Field names are not properly validated allowing attackers to inject SQL statements and execute arbitrary SQL queries.


## Recommendation

Upgrade to version 0.1.15
references
0
reference_url https://github.com/typeorm/typeorm
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/typeorm/typeorm
1
reference_url https://github.com/typeorm/typeorm/commit/d46c8b0e6c0db56bb5976a4917e9f67a43715111
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/typeorm/typeorm/commit/d46c8b0e6c0db56bb5976a4917e9f67a43715111
2
reference_url https://hackerone.com/reports/319458
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/319458
3
reference_url https://www.npmjs.com/advisories/800
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/800
4
reference_url https://github.com/advisories/GHSA-w7q7-vjp8-7jv4
reference_id GHSA-w7q7-vjp8-7jv4
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w7q7-vjp8-7jv4
fixed_packages
0
url pkg:npm/typeorm@0.1.15
purl pkg:npm/typeorm@0.1.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-53hy-4nmr-mqgu
1
vulnerability VCID-dmg2-qbj8-yyhw
2
vulnerability VCID-g39n-m58j-d7h7
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/typeorm@0.1.15
aliases GHSA-w7q7-vjp8-7jv4, GMS-2019-144
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ap94-g3tj-4yf3
2
url VCID-dmg2-qbj8-yyhw
vulnerability_id VCID-dmg2-qbj8-yyhw
summary
SQL injection in typeORM
The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's position is that the user's application is responsible for input validation.
references
0
reference_url http://packetstormsecurity.com/files/168096/TypeORM-0.3.7-Information-Disclosure.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-10T18:07:13Z/
url http://packetstormsecurity.com/files/168096/TypeORM-0.3.7-Information-Disclosure.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-33171
reference_id
reference_type
scores
0
value 0.05298
scoring_system epss
scoring_elements 0.90218
published_at 2026-06-09T12:55:00Z
1
value 0.05298
scoring_system epss
scoring_elements 0.90192
published_at 2026-06-04T12:55:00Z
2
value 0.05298
scoring_system epss
scoring_elements 0.90207
published_at 2026-06-05T12:55:00Z
3
value 0.05298
scoring_system epss
scoring_elements 0.90206
published_at 2026-06-06T12:55:00Z
4
value 0.05298
scoring_system epss
scoring_elements 0.90204
published_at 2026-06-07T12:55:00Z
5
value 0.05298
scoring_system epss
scoring_elements 0.90203
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-33171
2
reference_url http://seclists.org/fulldisclosure/2022/Aug/7
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-10T18:07:13Z/
url http://seclists.org/fulldisclosure/2022/Aug/7
3
reference_url https://github.com/typeorm/typeorm/compare/0.2.45...0.3.0
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-10T18:07:13Z/
url https://github.com/typeorm/typeorm/compare/0.2.45...0.3.0
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-33171
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-33171
5
reference_url https://seclists.org/fulldisclosure/2022/Jun/51
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-10T18:07:13Z/
url https://seclists.org/fulldisclosure/2022/Jun/51
6
reference_url https://github.com/advisories/GHSA-fx4w-v43j-vc45
reference_id GHSA-fx4w-v43j-vc45
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fx4w-v43j-vc45
fixed_packages
0
url pkg:npm/typeorm@0.3.0
purl pkg:npm/typeorm@0.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g39n-m58j-d7h7
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/typeorm@0.3.0
aliases CVE-2022-33171, GHSA-fx4w-v43j-vc45
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dmg2-qbj8-yyhw
3
url VCID-g39n-m58j-d7h7
vulnerability_id VCID-g39n-m58j-d7h7
summary
TypeORM vulnerable to SQL injection via crafted request to repository.save or repository.update
SQL Injection vulnerability in TypeORM before 0.3.26 via crafted request to repository.save or repository.update due to the sqlstring call using stringifyObjects default to false.
references
0
reference_url http://github.com/typeorm/typeorm
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:H/SA:L/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://github.com/typeorm/typeorm
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-60542.json
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-60542.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-60542
reference_id
reference_type
scores
0
value 0.00042
scoring_system epss
scoring_elements 0.13176
published_at 2026-06-05T12:55:00Z
1
value 0.00042
scoring_system epss
scoring_elements 0.13179
published_at 2026-06-06T12:55:00Z
2
value 0.00042
scoring_system epss
scoring_elements 0.13139
published_at 2026-06-07T12:55:00Z
3
value 0.00042
scoring_system epss
scoring_elements 0.13068
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-60542
3
reference_url https://github.com/mysqljs/sqlstring/blob/cd528556b4b6bcf300c3db515026935dedf7cfa1/lib/SqlString.js#L54
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:H/SA:L/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mysqljs/sqlstring/blob/cd528556b4b6bcf300c3db515026935dedf7cfa1/lib/SqlString.js#L54
4
reference_url https://github.com/sidorares/node-mysql2/blob/e359f454a76ba5dc31b91adf7bdb4099ca317bb5/lib/base/connection.js#L524
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:H/SA:L/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sidorares/node-mysql2/blob/e359f454a76ba5dc31b91adf7bdb4099ca317bb5/lib/base/connection.js#L524
5
reference_url https://github.com/sidorares/node-mysql2/blob/e359f454a76ba5dc31b91adf7bdb4099ca317bb5/lib/connection_config.js#L124
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:H/SA:L/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sidorares/node-mysql2/blob/e359f454a76ba5dc31b91adf7bdb4099ca317bb5/lib/connection_config.js#L124
6
reference_url https://github.com/typeorm/typeorm/blob/0.3.25/src/driver/mysql/MysqlConnectionOptions.ts
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:H/SA:L/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/typeorm/typeorm/blob/0.3.25/src/driver/mysql/MysqlConnectionOptions.ts
7
reference_url https://github.com/typeorm/typeorm/commit/d57fe3bd8578b0b8f9847647fd046bccf825a7ef
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:H/SA:L/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/typeorm/typeorm/commit/d57fe3bd8578b0b8f9847647fd046bccf825a7ef
8
reference_url https://github.com/typeorm/typeorm/pull/11574
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:H/SA:L/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-30T20:28:03Z/
url https://github.com/typeorm/typeorm/pull/11574
9
reference_url https://github.com/typeorm/typeorm/releases?q=security&expanded=true
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:H/SA:L/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-30T20:28:03Z/
url https://github.com/typeorm/typeorm/releases?q=security&expanded=true
10
reference_url https://github.com/typeorm/typeorm/releases/tag/0.3.26
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:H/SA:L/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-30T20:28:03Z/
url https://github.com/typeorm/typeorm/releases/tag/0.3.26
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2407114
reference_id 2407114
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2407114
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-60542
reference_id CVE-2025-60542
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:H/SA:L/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-60542
13
reference_url https://medium.com/@alizada.cavad/cve-2025-60542-typeorm-mysql-sqli-0-3-25-a1b32bc60453
reference_id CVE-2025-60542-TYPEORM-MYSQL-SQLI-0-3-25-A1B32BC60453
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:H/SA:L/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-30T20:28:03Z/
url https://medium.com/@alizada.cavad/cve-2025-60542-typeorm-mysql-sqli-0-3-25-a1b32bc60453
14
reference_url https://github.com/advisories/GHSA-q2pj-6v73-8rgj
reference_id GHSA-q2pj-6v73-8rgj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q2pj-6v73-8rgj
15
reference_url https://access.redhat.com/errata/RHSA-2025:22404
reference_id RHSA-2025:22404
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22404
16
reference_url https://access.redhat.com/errata/RHSA-2025:22861
reference_id RHSA-2025:22861
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22861
fixed_packages
0
url pkg:npm/typeorm@0.3.26
purl pkg:npm/typeorm@0.3.26
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/typeorm@0.3.26
aliases CVE-2025-60542, GHSA-q2pj-6v73-8rgj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g39n-m58j-d7h7
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/typeorm@0.0.2-alpha.69