{"url":"http://public2.vulnerablecode.io/api/packages/441662?format=json","purl":"pkg:npm/sequelize@4.2.1","type":"npm","namespace":"","name":"sequelize","version":"4.2.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"6.37.8","latest_non_vulnerable_version":"7.0.0-next.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/149902?format=json","vulnerability_id":"VCID-1vrt-1c8d-a7f8","summary":"Due to improper parameter filtering in the sequalize js library, can a attacker peform injection.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22579","reference_id":"","reference_type":"","scores":[{"value":"0.004","scoring_system":"epss","scoring_elements":"0.61151","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22579"},{"reference_url":"https://csirt.divd.nl/DIVD-2022-00020","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://csirt.divd.nl/DIVD-2022-00020"},{"reference_url":"https://github.com/sequelize/sequelize","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize"},{"reference_url":"https://github.com/sequelize/sequelize/discussions/15698","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/discussions/15698"},{"reference_url":"https://github.com/sequelize/sequelize/pull/15375","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/pull/15375"},{"reference_url":"https://github.com/sequelize/sequelize/pull/15699","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/pull/15699"},{"reference_url":"https://github.com/sequelize/sequelize/releases/tag/v6.28.1","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/releases/tag/v6.28.1"},{"reference_url":"https://github.com/sequelize/sequelize/releases/tag/v7.0.0-alpha.20","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/releases/tag/v7.0.0-alpha.20"},{"reference_url":"https://github.com/sequelize/sequelize/security/advisories/GHSA-vqfx-gj96-3w95","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/security/advisories/GHSA-vqfx-gj96-3w95"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22579","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22579"},{"reference_url":"https://csirt.divd.nl/CVE-2023-22579","reference_id":"CVE-2023-22579","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-18T14:45:28Z/"}],"url":"https://csirt.divd.nl/CVE-2023-22579"},{"reference_url":"https://csirt.divd.nl/DIVD-2022-00020/","reference_id":"DIVD-2022-00020","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-18T14:45:28Z/"}],"url":"https://csirt.divd.nl/DIVD-2022-00020/"},{"reference_url":"https://github.com/advisories/GHSA-vqfx-gj96-3w95","reference_id":"GHSA-vqfx-gj96-3w95","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vqfx-gj96-3w95"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380382?format=json","purl":"pkg:npm/sequelize@6.28.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nggk-kexj-h3fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@6.28.1"},{"url":"http://public2.vulnerablecode.io/api/packages/614069?format=json","purl":"pkg:npm/sequelize@7.0.0-alpha.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@7.0.0-alpha.1"},{"url":"http://public2.vulnerablecode.io/api/packages/392969?format=json","purl":"pkg:npm/sequelize@7.0.0-next.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@7.0.0-next.1"}],"aliases":["CVE-2023-22579","GHSA-vqfx-gj96-3w95"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1vrt-1c8d-a7f8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/149464?format=json","vulnerability_id":"VCID-ezu8-tyrr-97h8","summary":"Due to improper input filtering in the sequalize js library, can malicious queries lead to sensitive information disclosure.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22580","reference_id":"","reference_type":"","scores":[{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52379","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22580"},{"reference_url":"https://csirt.divd.nl/DIVD-2022-00020","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://csirt.divd.nl/DIVD-2022-00020"},{"reference_url":"https://github.com/sequelize/sequelize","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize"},{"reference_url":"https://github.com/sequelize/sequelize/pull/15375","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/pull/15375"},{"reference_url":"https://github.com/sequelize/sequelize/pull/15699","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/pull/15699"},{"reference_url":"https://github.com/sequelize/sequelize/releases/tag/v6.28.1","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/releases/tag/v6.28.1"},{"reference_url":"https://github.com/sequelize/sequelize/releases/tag/v7.0.0-alpha.20","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/releases/tag/v7.0.0-alpha.20"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22580","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22580"},{"reference_url":"https://csirt.divd.nl/CVE-2023-22580","reference_id":"CVE-2023-22580","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T14:49:39Z/"}],"url":"https://csirt.divd.nl/CVE-2023-22580"},{"reference_url":"https://csirt.divd.nl/DIVD-2022-00020/","reference_id":"DIVD-2022-00020","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T14:49:39Z/"}],"url":"https://csirt.divd.nl/DIVD-2022-00020/"},{"reference_url":"https://github.com/advisories/GHSA-8c25-f3mj-v6h8","reference_id":"GHSA-8c25-f3mj-v6h8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8c25-f3mj-v6h8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380382?format=json","purl":"pkg:npm/sequelize@6.28.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nggk-kexj-h3fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@6.28.1"},{"url":"http://public2.vulnerablecode.io/api/packages/614069?format=json","purl":"pkg:npm/sequelize@7.0.0-alpha.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@7.0.0-alpha.1"},{"url":"http://public2.vulnerablecode.io/api/packages/392969?format=json","purl":"pkg:npm/sequelize@7.0.0-next.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@7.0.0-next.1"}],"aliases":["CVE-2023-22580","GHSA-8c25-f3mj-v6h8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ezu8-tyrr-97h8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204192?format=json","vulnerability_id":"VCID-j3y1-tes7-skgx","summary":"SQL Injection in sequelize","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10748","reference_id":"","reference_type":"","scores":[{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62861","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10748"},{"reference_url":"https://github.com/sequelize/sequelize/commit/a72a3f5,","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/commit/a72a3f5,"},{"reference_url":"https://github.com/sequelize/sequelize/pull/11089,","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/pull/11089,"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450221","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450221"},{"reference_url":"https://www.npmjs.com/advisories/1018","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/1018"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10748","reference_id":"CVE-2019-10748","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10748"},{"reference_url":"https://github.com/advisories/GHSA-j9xp-92vc-559j","reference_id":"GHSA-j9xp-92vc-559j","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j9xp-92vc-559j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/15688?format=json","purl":"pkg:npm/sequelize@4.44.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vrt-1c8d-a7f8"},{"vulnerability":"VCID-ezu8-tyrr-97h8"},{"vulnerability":"VCID-pvvd-pgxk-6fb8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@4.44.3"},{"url":"http://public2.vulnerablecode.io/api/packages/15694?format=json","purl":"pkg:npm/sequelize@5.8.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vrt-1c8d-a7f8"},{"vulnerability":"VCID-ezu8-tyrr-97h8"},{"vulnerability":"VCID-j3y1-tes7-skgx"},{"vulnerability":"VCID-pvvd-pgxk-6fb8"},{"vulnerability":"VCID-yhkc-r66a-e7bk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@5.8.11"},{"url":"http://public2.vulnerablecode.io/api/packages/448998?format=json","purl":"pkg:npm/sequelize@5.8.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vrt-1c8d-a7f8"},{"vulnerability":"VCID-ezu8-tyrr-97h8"},{"vulnerability":"VCID-pvvd-pgxk-6fb8"},{"vulnerability":"VCID-yhkc-r66a-e7bk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@5.8.12"}],"aliases":["CVE-2019-10748","GHSA-j9xp-92vc-559j"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j3y1-tes7-skgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/129236?format=json","vulnerability_id":"VCID-pvvd-pgxk-6fb8","summary":"Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL injection exploit exists related to replacements. Parameters which are passed through replacements are not properly escaped which can lead to arbitrary SQL injection depending on the specific queries in use. The issue has been fixed in Sequelize 6.19.1. Users are advised to upgrade. Users unable to upgrade should not use the `replacements` and the `where` option in the same query.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25813","reference_id":"","reference_type":"","scores":[{"value":"0.03518","scoring_system":"epss","scoring_elements":"0.87914","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25813"},{"reference_url":"https://github.com/sequelize/sequelize","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25813","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25813"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JS-SEQUELIZE-2932027","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.snyk.io/vuln/SNYK-JS-SEQUELIZE-2932027"},{"reference_url":"https://github.com/sequelize/sequelize/issues/14519","reference_id":"14519","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-10T21:02:23Z/"}],"url":"https://github.com/sequelize/sequelize/issues/14519"},{"reference_url":"https://github.com/sequelize/sequelize/commit/ccaa3996047fe00048d5993ab2dd43ebadd4f78b","reference_id":"ccaa3996047fe00048d5993ab2dd43ebadd4f78b","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-10T21:02:23Z/"}],"url":"https://github.com/sequelize/sequelize/commit/ccaa3996047fe00048d5993ab2dd43ebadd4f78b"},{"reference_url":"https://github.com/advisories/GHSA-wrh9-cjv3-2hpw","reference_id":"GHSA-wrh9-cjv3-2hpw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wrh9-cjv3-2hpw"},{"reference_url":"https://github.com/sequelize/sequelize/security/advisories/GHSA-wrh9-cjv3-2hpw","reference_id":"GHSA-wrh9-cjv3-2hpw","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-10T21:02:23Z/"}],"url":"https://github.com/sequelize/sequelize/security/advisories/GHSA-wrh9-cjv3-2hpw"},{"reference_url":"https://github.com/sequelize/sequelize/releases/tag/v6.19.1","reference_id":"v6.19.1","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-10T21:02:23Z/"}],"url":"https://github.com/sequelize/sequelize/releases/tag/v6.19.1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380496?format=json","purl":"pkg:npm/sequelize@6.19.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vrt-1c8d-a7f8"},{"vulnerability":"VCID-ezu8-tyrr-97h8"},{"vulnerability":"VCID-nggk-kexj-h3fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@6.19.1"}],"aliases":["CVE-2023-25813","GHSA-wrh9-cjv3-2hpw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pvvd-pgxk-6fb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203707?format=json","vulnerability_id":"VCID-qn7w-5asy-tqdh","summary":"NoSQL Injection in sequelize","references":[{"reference_url":"https://github.com/sequelize/sequelize","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize"},{"reference_url":"https://github.com/sequelize/sequelize/commit/ccb99daedb69e8750a241436415ccac8abef358d","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/commit/ccb99daedb69e8750a241436415ccac8abef358d"},{"reference_url":"https://github.com/sequelize/sequelize/issues/7310","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/issues/7310"},{"reference_url":"https://github.com/sequelize/sequelize/pull/8240","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/pull/8240"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-SEQUELIZE-174147","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-SEQUELIZE-174147"},{"reference_url":"https://www.npmjs.com/advisories/820","reference_id":"","reference_type":"","scores":[],"url":"https://www.npmjs.com/advisories/820"},{"reference_url":"https://www.npmjs.com/advisories/820/versions","reference_id":"","reference_type":"","scores":[],"url":"https://www.npmjs.com/advisories/820/versions"},{"reference_url":"https://github.com/advisories/GHSA-wfp9-vr4j-f49j","reference_id":"GHSA-wfp9-vr4j-f49j","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wfp9-vr4j-f49j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/15335?format=json","purl":"pkg:npm/sequelize@4.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vrt-1c8d-a7f8"},{"vulnerability":"VCID-ezu8-tyrr-97h8"},{"vulnerability":"VCID-j3y1-tes7-skgx"},{"vulnerability":"VCID-pvvd-pgxk-6fb8"},{"vulnerability":"VCID-yhkc-r66a-e7bk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@4.12.0"}],"aliases":["GHSA-wfp9-vr4j-f49j","GMS-2019-139"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qn7w-5asy-tqdh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204189?format=json","vulnerability_id":"VCID-yhkc-r66a-e7bk","summary":"SQL Injection in sequelize","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10752","reference_id":"","reference_type":"","scores":[{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62861","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10752"},{"reference_url":"https://github.com/sequelize/sequelize/commit/9bd0bc1,","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/commit/9bd0bc1,"},{"reference_url":"https://github.com/sequelize/sequelize/commit/9bd0bc111b6f502223edf7e902680f7cc2ed541e","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/commit/9bd0bc111b6f502223edf7e902680f7cc2ed541e"},{"reference_url":"https://github.com/sequelize/sequelize/pull/11329","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/pull/11329"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-SEQUELIZE-459751","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-SEQUELIZE-459751"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-SEQUELIZE-459751,","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-SEQUELIZE-459751,"},{"reference_url":"https://www.npmjs.com/advisories/1146","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/1146"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10752","reference_id":"CVE-2019-10752","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10752"},{"reference_url":"https://github.com/advisories/GHSA-m9jw-237r-gvfv","reference_id":"GHSA-m9jw-237r-gvfv","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m9jw-237r-gvfv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/15688?format=json","purl":"pkg:npm/sequelize@4.44.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vrt-1c8d-a7f8"},{"vulnerability":"VCID-ezu8-tyrr-97h8"},{"vulnerability":"VCID-pvvd-pgxk-6fb8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@4.44.3"},{"url":"http://public2.vulnerablecode.io/api/packages/15687?format=json","purl":"pkg:npm/sequelize@5.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vrt-1c8d-a7f8"},{"vulnerability":"VCID-ezu8-tyrr-97h8"},{"vulnerability":"VCID-pvvd-pgxk-6fb8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@5.15.1"}],"aliases":["CVE-2019-10752","GHSA-m9jw-237r-gvfv"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yhkc-r66a-e7bk"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@4.2.1"}