Lookup for vulnerable packages by Package URL.

Purl pkg:npm/sequelize@3.19.3
Type npm
Namespace
Name sequelize
Version 3.19.3
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 6.37.8
Latest_non_vulnerable_version 7.0.0-next.1
Affected_by_vulnerabilities
0
url VCID-3ugq-njms-xkgd
vulnerability_id VCID-3ugq-njms-xkgd
summary
Unsafe fall-through in getWhereConditions
Due to improper parameter filtering in the sequelize js library, an attacker can perform injection.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22579
reference_id
reference_type
scores
0
value 0.004
scoring_system epss
scoring_elements 0.61085
published_at 2026-06-05T12:55:00Z
1
value 0.004
scoring_system epss
scoring_elements 0.61082
published_at 2026-06-09T12:55:00Z
2
value 0.004
scoring_system epss
scoring_elements 0.61063
published_at 2026-06-08T12:55:00Z
3
value 0.004
scoring_system epss
scoring_elements 0.61081
published_at 2026-06-07T12:55:00Z
4
value 0.004
scoring_system epss
scoring_elements 0.61036
published_at 2026-06-04T12:55:00Z
5
value 0.004
scoring_system epss
scoring_elements 0.61092
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22579
1
reference_url https://csirt.divd.nl/DIVD-2022-00020
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://csirt.divd.nl/DIVD-2022-00020
2
reference_url https://csirt.divd.nl/DIVD-2022-00020/
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-18T14:45:28Z/
url https://csirt.divd.nl/DIVD-2022-00020/
3
reference_url https://github.com/sequelize/sequelize
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sequelize/sequelize
4
reference_url https://github.com/sequelize/sequelize/discussions/15698
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sequelize/sequelize/discussions/15698
5
reference_url https://github.com/sequelize/sequelize/pull/15375
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sequelize/sequelize/pull/15375
6
reference_url https://github.com/sequelize/sequelize/pull/15699
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sequelize/sequelize/pull/15699
7
reference_url https://github.com/sequelize/sequelize/releases/tag/v6.28.1
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sequelize/sequelize/releases/tag/v6.28.1
8
reference_url https://github.com/sequelize/sequelize/releases/tag/v7.0.0-alpha.20
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sequelize/sequelize/releases/tag/v7.0.0-alpha.20
9
reference_url https://csirt.divd.nl/CVE-2023-22579
reference_id CVE-2023-22579
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-18T14:45:28Z/
url https://csirt.divd.nl/CVE-2023-22579
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22579
reference_id CVE-2023-22579
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22579
11
reference_url https://github.com/advisories/GHSA-vqfx-gj96-3w95
reference_id GHSA-vqfx-gj96-3w95
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vqfx-gj96-3w95
12
reference_url https://github.com/sequelize/sequelize/security/advisories/GHSA-vqfx-gj96-3w95
reference_id GHSA-vqfx-gj96-3w95
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sequelize/sequelize/security/advisories/GHSA-vqfx-gj96-3w95
fixed_packages
0
url pkg:npm/sequelize@6.28.1
purl pkg:npm/sequelize@6.28.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-xn4n-x26m-5qdx
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@6.28.1
1
url pkg:npm/sequelize@7.0.0-alpha.1
purl pkg:npm/sequelize@7.0.0-alpha.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@7.0.0-alpha.1
2
url pkg:npm/sequelize@7.0.0-next.1
purl pkg:npm/sequelize@7.0.0-next.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@7.0.0-next.1
aliases CVE-2023-22579, GHSA-vqfx-gj96-3w95
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3ugq-njms-xkgd
1
url VCID-gdrv-eh82-7ycn
vulnerability_id VCID-gdrv-eh82-7ycn
summary
SQL Injection
sequelize is vulnerable to SQLi allowing attackers to delete data in the `TestTable` table.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-10556
reference_id
reference_type
scores
0
value 0.0022
scoring_system epss
scoring_elements 0.44723
published_at 2026-06-06T12:55:00Z
1
value 0.0022
scoring_system epss
scoring_elements 0.44683
published_at 2026-06-09T12:55:00Z
2
value 0.0022
scoring_system epss
scoring_elements 0.4467
published_at 2026-06-08T12:55:00Z
3
value 0.0022
scoring_system epss
scoring_elements 0.44701
published_at 2026-06-07T12:55:00Z
4
value 0.0022
scoring_system epss
scoring_elements 0.44716
published_at 2026-06-05T12:55:00Z
5
value 0.0022
scoring_system epss
scoring_elements 0.44646
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-10556
1
reference_url https://github.com/sequelize/sequelize/commit/23952a2b020cc3571f090e67dae7feb084e1be71
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sequelize/sequelize/commit/23952a2b020cc3571f090e67dae7feb084e1be71
2
reference_url https://github.com/sequelize/sequelize/commits/v3.20.0?after=62e4dacb28a779a190a3e042b971dcd8c7926e49+34&branch=v3.20.0&qualified_name=refs%2Ftags%2Fv3.20.0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sequelize/sequelize/commits/v3.20.0?after=62e4dacb28a779a190a3e042b971dcd8c7926e49+34&branch=v3.20.0&qualified_name=refs%2Ftags%2Fv3.20.0
3
reference_url https://github.com/sequelize/sequelize/issues/5671
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sequelize/sequelize/issues/5671
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-10556
reference_id CVE-2016-10556
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-10556
5
reference_url https://github.com/advisories/GHSA-9c2p-jw8p-f84v
reference_id GHSA-9c2p-jw8p-f84v
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9c2p-jw8p-f84v
fixed_packages
0
url pkg:npm/sequelize@3.20.0
purl pkg:npm/sequelize@3.20.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3ugq-njms-xkgd
1
vulnerability VCID-gzz4-8wz6-f3f9
2
vulnerability VCID-hrt8-8z9v-euh8
3
vulnerability VCID-qraw-us96-3qej
4
vulnerability VCID-tccv-wk5y-jkde
5
vulnerability VCID-tufw-g33p-qqds
6
vulnerability VCID-uuy7-v2qy-yfhv
7
vulnerability VCID-v4z6-u42c-ukbh
8
vulnerability VCID-zk15-66xk-2ydf
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@3.20.0
aliases CVE-2016-10556, GHSA-9c2p-jw8p-f84v
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gdrv-eh82-7ycn
2
url VCID-gzz4-8wz6-f3f9
vulnerability_id VCID-gzz4-8wz6-f3f9
summary
Sequelize information disclosure vulnerability
Due to improper input filtering in the sequelize js library, malicious queries can lead to sensitive information disclosure.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22580
reference_id
reference_type
scores
0
value 0.00286
scoring_system epss
scoring_elements 0.52338
published_at 2026-06-06T12:55:00Z
1
value 0.00286
scoring_system epss
scoring_elements 0.5231
published_at 2026-06-09T12:55:00Z
2
value 0.00286
scoring_system epss
scoring_elements 0.52289
published_at 2026-06-08T12:55:00Z
3
value 0.00286
scoring_system epss
scoring_elements 0.52318
published_at 2026-06-07T12:55:00Z
4
value 0.00286
scoring_system epss
scoring_elements 0.52271
published_at 2026-06-04T12:55:00Z
5
value 0.00286
scoring_system epss
scoring_elements 0.52331
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22580
1
reference_url https://csirt.divd.nl/DIVD-2022-00020
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://csirt.divd.nl/DIVD-2022-00020
2
reference_url https://csirt.divd.nl/DIVD-2022-00020/
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T14:49:39Z/
url https://csirt.divd.nl/DIVD-2022-00020/
3
reference_url https://github.com/sequelize/sequelize
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sequelize/sequelize
4
reference_url https://github.com/sequelize/sequelize/pull/15375
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sequelize/sequelize/pull/15375
5
reference_url https://github.com/sequelize/sequelize/pull/15699
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sequelize/sequelize/pull/15699
6
reference_url https://github.com/sequelize/sequelize/releases/tag/v6.28.1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sequelize/sequelize/releases/tag/v6.28.1
7
reference_url https://github.com/sequelize/sequelize/releases/tag/v7.0.0-alpha.20
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sequelize/sequelize/releases/tag/v7.0.0-alpha.20
8
reference_url https://csirt.divd.nl/CVE-2023-22580
reference_id CVE-2023-22580
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T14:49:39Z/
url https://csirt.divd.nl/CVE-2023-22580
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22580
reference_id CVE-2023-22580
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22580
10
reference_url https://github.com/advisories/GHSA-8c25-f3mj-v6h8
reference_id GHSA-8c25-f3mj-v6h8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8c25-f3mj-v6h8
fixed_packages
0
url pkg:npm/sequelize@6.28.1
purl pkg:npm/sequelize@6.28.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-xn4n-x26m-5qdx
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@6.28.1
1
url pkg:npm/sequelize@7.0.0-alpha.1
purl pkg:npm/sequelize@7.0.0-alpha.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@7.0.0-alpha.1
2
url pkg:npm/sequelize@7.0.0-next.1
purl pkg:npm/sequelize@7.0.0-next.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@7.0.0-next.1
aliases CVE-2023-22580, GHSA-8c25-f3mj-v6h8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gzz4-8wz6-f3f9
3
url VCID-hrt8-8z9v-euh8
vulnerability_id VCID-hrt8-8z9v-euh8
summary Sequelize all versions prior are vulnerable to SQL Injection due to JSON path keys not being properly escaped for the MySQL/MariaDB dialects.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10748
reference_id
reference_type
scores
0
value 0.00427
scoring_system epss
scoring_elements 0.62795
published_at 2026-06-09T12:55:00Z
1
value 0.00427
scoring_system epss
scoring_elements 0.62781
published_at 2026-06-08T12:55:00Z
2
value 0.00427
scoring_system epss
scoring_elements 0.62752
published_at 2026-06-04T12:55:00Z
3
value 0.00427
scoring_system epss
scoring_elements 0.62796
published_at 2026-06-05T12:55:00Z
4
value 0.00427
scoring_system epss
scoring_elements 0.62805
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10748
1
reference_url https://github.com/sequelize/sequelize/commit/a72a3f5,
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sequelize/sequelize/commit/a72a3f5,
2
reference_url https://github.com/sequelize/sequelize/pull/11089,
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sequelize/sequelize/pull/11089,
3
reference_url https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450221
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450221
4
reference_url https://www.npmjs.com/advisories/1018
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/1018
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10748
reference_id CVE-2019-10748
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10748
6
reference_url https://github.com/advisories/GHSA-j9xp-92vc-559j
reference_id GHSA-j9xp-92vc-559j
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j9xp-92vc-559j
fixed_packages
0
url pkg:npm/sequelize@3.35.1
purl pkg:npm/sequelize@3.35.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3ugq-njms-xkgd
1
vulnerability VCID-gzz4-8wz6-f3f9
2
vulnerability VCID-uuy7-v2qy-yfhv
3
vulnerability VCID-zk15-66xk-2ydf
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@3.35.1
1
url pkg:npm/sequelize@4.44.3
purl pkg:npm/sequelize@4.44.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3ugq-njms-xkgd
1
vulnerability VCID-gzz4-8wz6-f3f9
2
vulnerability VCID-uuy7-v2qy-yfhv
3
vulnerability VCID-zk15-66xk-2ydf
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@4.44.3
2
url pkg:npm/sequelize@5.8.11
purl pkg:npm/sequelize@5.8.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3ugq-njms-xkgd
1
vulnerability VCID-gzz4-8wz6-f3f9
2
vulnerability VCID-hnqn-f4z6-m7gf
3
vulnerability VCID-hrt8-8z9v-euh8
4
vulnerability VCID-zk15-66xk-2ydf
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@5.8.11
3
url pkg:npm/sequelize@5.8.12
purl pkg:npm/sequelize@5.8.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3ugq-njms-xkgd
1
vulnerability VCID-gzz4-8wz6-f3f9
2
vulnerability VCID-hnqn-f4z6-m7gf
3
vulnerability VCID-zk15-66xk-2ydf
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@5.8.12
aliases CVE-2019-10748, GHSA-j9xp-92vc-559j
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hrt8-8z9v-euh8
4
url VCID-qraw-us96-3qej
vulnerability_id VCID-qraw-us96-3qej
summary
SQL Injection via GeoJSON
SequelizeJS is vulnerable to SQL injection via GeoJSON documents containing a value with a single quote. This vulnerability affects postgresql/postgis as well as MySQL.
references
0
reference_url https://github.com/sequelize/sequelize/issues/6194
reference_id
reference_type
scores
url https://github.com/sequelize/sequelize/issues/6194
1
reference_url https://github.com/sequelize/sequelize/pull/6302/commits/f93af43a1d86400487f5e3d9762f1a4b7cf6b1e1
reference_id
reference_type
scores
url https://github.com/sequelize/sequelize/pull/6302/commits/f93af43a1d86400487f5e3d9762f1a4b7cf6b1e1
2
reference_url https://github.com/sequelize/sequelize/pull/6303/commits/a81ac1f38476d553c92d522913e91c6e07acc4fa
reference_id
reference_type
scores
url https://github.com/sequelize/sequelize/pull/6303/commits/a81ac1f38476d553c92d522913e91c6e07acc4fa
fixed_packages
0
url pkg:npm/sequelize@3.23.5
purl pkg:npm/sequelize@3.23.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3ugq-njms-xkgd
1
vulnerability VCID-gzz4-8wz6-f3f9
2
vulnerability VCID-hrt8-8z9v-euh8
3
vulnerability VCID-tccv-wk5y-jkde
4
vulnerability VCID-tufw-g33p-qqds
5
vulnerability VCID-uuy7-v2qy-yfhv
6
vulnerability VCID-v4z6-u42c-ukbh
7
vulnerability VCID-zk15-66xk-2ydf
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@3.23.5
1
url pkg:npm/sequelize@4.0.0-0
purl pkg:npm/sequelize@4.0.0-0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3ugq-njms-xkgd
1
vulnerability VCID-gzz4-8wz6-f3f9
2
vulnerability VCID-tccv-wk5y-jkde
3
vulnerability VCID-uuy7-v2qy-yfhv
4
vulnerability VCID-zk15-66xk-2ydf
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@4.0.0-0
aliases GMS-2016-41
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qraw-us96-3qej
5
url VCID-tccv-wk5y-jkde
vulnerability_id VCID-tccv-wk5y-jkde
summary
NoSQL Injection in sequelize
Versions of `sequelize` prior to 4.12.0 are vulnerable to NoSQL Injection. Query operators such as `$gt` are not properly sanitized and may allow an attacker to alter data queries, leading to NoSQL Injection.


## Recommendation

Upgrade to version 4.12.0 or later
references
0
reference_url https://github.com/sequelize/sequelize
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sequelize/sequelize
1
reference_url https://github.com/sequelize/sequelize/commit/ccb99daedb69e8750a241436415ccac8abef358d
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sequelize/sequelize/commit/ccb99daedb69e8750a241436415ccac8abef358d
2
reference_url https://github.com/sequelize/sequelize/issues/7310
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sequelize/sequelize/issues/7310
3
reference_url https://github.com/sequelize/sequelize/pull/8240
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sequelize/sequelize/pull/8240
4
reference_url https://snyk.io/vuln/SNYK-JS-SEQUELIZE-174147
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-SEQUELIZE-174147
5
reference_url https://www.npmjs.com/advisories/820
reference_id
reference_type
scores
url https://www.npmjs.com/advisories/820
6
reference_url https://www.npmjs.com/advisories/820/versions
reference_id
reference_type
scores
url https://www.npmjs.com/advisories/820/versions
7
reference_url https://github.com/advisories/GHSA-wfp9-vr4j-f49j
reference_id GHSA-wfp9-vr4j-f49j
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wfp9-vr4j-f49j
fixed_packages
0
url pkg:npm/sequelize@4.12.0
purl pkg:npm/sequelize@4.12.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3ugq-njms-xkgd
1
vulnerability VCID-gzz4-8wz6-f3f9
2
vulnerability VCID-hnqn-f4z6-m7gf
3
vulnerability VCID-hrt8-8z9v-euh8
4
vulnerability VCID-uuy7-v2qy-yfhv
5
vulnerability VCID-zk15-66xk-2ydf
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@4.12.0
aliases GHSA-wfp9-vr4j-f49j, GMS-2019-139
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tccv-wk5y-jkde
6
url VCID-tufw-g33p-qqds
vulnerability_id VCID-tufw-g33p-qqds
summary
SQL Injection via GeoJSON
SequelizeJS 3.23.4 is vulnerable to SQL injection via GeoJSON documents containing a value with a single quote. This vulnerability affects postgresql/postgis as well as MySQL. This vulnerability only exists within GeoJSON documents using the function `ST_GeomFromGeoJSON` for postgresql/postgis and the function `GeomFromText` for mysql. SequelizeJS's `geometry` datatype is vulnerable. If you have SequelizeJS models with a field that has a datatype of 'Geometry' and run a mysql or postgresql/postgis backend, your application is vulnerable.

SequelizeJS is a popular ORM (Object Relational Mapper) for node.  

GeoJSON is a format for encoding a variety of geographic data structures.
references
0
reference_url http://docs.sequelizejs.com/en/latest/api/datatypes/#geometry
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
url http://docs.sequelizejs.com/en/latest/api/datatypes/#geometry
1
reference_url http://geojson.org/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
url http://geojson.org/
2
reference_url https://github.com/sequelize/sequelize
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sequelize/sequelize
3
reference_url https://github.com/sequelize/sequelize/commit/14e3deaf3ad27f12900e5275db1d448844c9de3e
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sequelize/sequelize/commit/14e3deaf3ad27f12900e5275db1d448844c9de3e
4
reference_url https://github.com/sequelize/sequelize/commit/18ac91040d9c57351d26ba998f460e214255b704
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sequelize/sequelize/commit/18ac91040d9c57351d26ba998f460e214255b704
5
reference_url https://github.com/sequelize/sequelize/commit/562d52585902090f4e53eb21c61314098c29d795
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sequelize/sequelize/commit/562d52585902090f4e53eb21c61314098c29d795
6
reference_url https://github.com/sequelize/sequelize/commit/f93af43a1d86400487f5e3d9762f1a4b7cf6b1e1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sequelize/sequelize/commit/f93af43a1d86400487f5e3d9762f1a4b7cf6b1e1
7
reference_url https://github.com/sequelize/sequelize/issues/6194
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sequelize/sequelize/issues/6194
8
reference_url https://github.com/sequelize/sequelize/pull/6302
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sequelize/sequelize/pull/6302
9
reference_url https://github.com/sequelize/sequelize/pull/6306
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sequelize/sequelize/pull/6306
10
reference_url https://snyk.io/vuln/npm:sequelize:20160718
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/npm:sequelize:20160718
11
reference_url https://www.npmjs.com/advisories/122
reference_id
reference_type
scores
url https://www.npmjs.com/advisories/122
12
reference_url https://github.com/nodejs/security-wg/blob/main/vuln/npm/122.json
reference_id 122
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
url https://github.com/nodejs/security-wg/blob/main/vuln/npm/122.json
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-1000225
reference_id CVE-2016-1000225
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-1000225
14
reference_url https://github.com/advisories/GHSA-5v9h-q3gj-c32x
reference_id GHSA-5v9h-q3gj-c32x
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5v9h-q3gj-c32x
fixed_packages
0
url pkg:npm/sequelize@3.23.6
purl pkg:npm/sequelize@3.23.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3ugq-njms-xkgd
1
vulnerability VCID-gzz4-8wz6-f3f9
2
vulnerability VCID-hrt8-8z9v-euh8
3
vulnerability VCID-tccv-wk5y-jkde
4
vulnerability VCID-uuy7-v2qy-yfhv
5
vulnerability VCID-v4z6-u42c-ukbh
6
vulnerability VCID-zk15-66xk-2ydf
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@3.23.6
aliases CVE-2016-1000225, GHSA-5v9h-q3gj-c32x, GMS-2020-770
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tufw-g33p-qqds
7
url VCID-uuy7-v2qy-yfhv
vulnerability_id VCID-uuy7-v2qy-yfhv
summary
Denial of Service in sequelize
Versions of `sequelize` prior to 4.44.4 are vulnerable to Denial of Service (DoS). The SQLite dialect fails to catch a `TypeError` exception for the `results` variable. The `results` value may be undefined and trigger the error on a `.map` call. This may allow attackers to submit malicious input that forces the exception and crashes the Node process.  

The following proof-of-concept crashes the Node process:  
```
const Sequelize = require('sequelize');

const sequelize = new Sequelize({
	dialect: 'sqlite',
	storage: 'database.sqlite'
});

const TypeError = sequelize.define('TypeError', {
	name: Sequelize.STRING,
});

TypeError.sync({force: true}).then(() => {
	return TypeError.create({name: "SELECT tbl_name FROM sqlite_master"});
});
```


## Recommendation

Upgrade to version 4.44.4 or later.
references
0
reference_url https://github.com/sequelize/sequelize/pull/11877
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sequelize/sequelize/pull/11877
1
reference_url https://www.npmjs.com/advisories/1142
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/1142
2
reference_url https://github.com/advisories/GHSA-fw4p-36j9-rrj3
reference_id GHSA-fw4p-36j9-rrj3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fw4p-36j9-rrj3
fixed_packages
0
url pkg:npm/sequelize@4.44.4
purl pkg:npm/sequelize@4.44.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3ugq-njms-xkgd
1
vulnerability VCID-gzz4-8wz6-f3f9
2
vulnerability VCID-zk15-66xk-2ydf
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@4.44.4
aliases GHSA-fw4p-36j9-rrj3, GMS-2020-771
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uuy7-v2qy-yfhv
8
url VCID-v4z6-u42c-ukbh
vulnerability_id VCID-v4z6-u42c-ukbh
summary sequelize allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10749
reference_id
reference_type
scores
0
value 0.00357
scoring_system epss
scoring_elements 0.58258
published_at 2026-06-04T12:55:00Z
1
value 0.00357
scoring_system epss
scoring_elements 0.58308
published_at 2026-06-09T12:55:00Z
2
value 0.00357
scoring_system epss
scoring_elements 0.58304
published_at 2026-06-07T12:55:00Z
3
value 0.00357
scoring_system epss
scoring_elements 0.58315
published_at 2026-06-06T12:55:00Z
4
value 0.00357
scoring_system epss
scoring_elements 0.58307
published_at 2026-06-05T12:55:00Z
5
value 0.00357
scoring_system epss
scoring_elements 0.58289
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10749
1
reference_url https://github.com/sequelize/sequelize/commit/ee4017379db0059566ecb5424274ad4e2d66bc68
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sequelize/sequelize/commit/ee4017379db0059566ecb5424274ad4e2d66bc68
2
reference_url https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450222
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450222
3
reference_url https://www.npmjs.com/advisories/1017
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/1017
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10749
reference_id CVE-2019-10749
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10749
5
reference_url https://github.com/advisories/GHSA-2598-2f59-rmhq
reference_id GHSA-2598-2f59-rmhq
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2598-2f59-rmhq
fixed_packages
0
url pkg:npm/sequelize@3.35.1
purl pkg:npm/sequelize@3.35.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3ugq-njms-xkgd
1
vulnerability VCID-gzz4-8wz6-f3f9
2
vulnerability VCID-uuy7-v2qy-yfhv
3
vulnerability VCID-zk15-66xk-2ydf
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@3.35.1
aliases CVE-2019-10749, GHSA-2598-2f59-rmhq
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v4z6-u42c-ukbh
9
url VCID-y51v-nwsy-dba4
vulnerability_id VCID-y51v-nwsy-dba4
summary
Improper Escaping of Bound Arrays
In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped.
references
0
reference_url https://github.com/sequelize/sequelize/issues/5671
reference_id
reference_type
scores
url https://github.com/sequelize/sequelize/issues/5671
fixed_packages
0
url pkg:npm/sequelize@3.20.0
purl pkg:npm/sequelize@3.20.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3ugq-njms-xkgd
1
vulnerability VCID-gzz4-8wz6-f3f9
2
vulnerability VCID-hrt8-8z9v-euh8
3
vulnerability VCID-qraw-us96-3qej
4
vulnerability VCID-tccv-wk5y-jkde
5
vulnerability VCID-tufw-g33p-qqds
6
vulnerability VCID-uuy7-v2qy-yfhv
7
vulnerability VCID-v4z6-u42c-ukbh
8
vulnerability VCID-zk15-66xk-2ydf
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@3.20.0
aliases GMS-2016-78
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y51v-nwsy-dba4
10
url VCID-zk15-66xk-2ydf
vulnerability_id VCID-zk15-66xk-2ydf
summary
Sequelize vulnerable to SQL Injection via replacements
Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL injection exploit exists related to replacements. Parameters which are passed through replacements are not properly escaped which can lead to arbitrary SQL injection depending on the specific queries in use. The issue has been fixed in Sequelize 6.19.1. Users are advised to upgrade. Users unable to upgrade should not use the `replacements` and the `where` option in the same query.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25813
reference_id
reference_type
scores
0
value 0.03518
scoring_system epss
scoring_elements 0.87891
published_at 2026-06-09T12:55:00Z
1
value 0.03518
scoring_system epss
scoring_elements 0.87853
published_at 2026-06-04T12:55:00Z
2
value 0.03518
scoring_system epss
scoring_elements 0.87875
published_at 2026-06-05T12:55:00Z
3
value 0.03518
scoring_system epss
scoring_elements 0.87877
published_at 2026-06-07T12:55:00Z
4
value 0.03518
scoring_system epss
scoring_elements 0.87879
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25813
1
reference_url https://github.com/sequelize/sequelize
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sequelize/sequelize
2
reference_url https://github.com/sequelize/sequelize/commit/ccaa3996047fe00048d5993ab2dd43ebadd4f78b
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-10T21:02:23Z/
url https://github.com/sequelize/sequelize/commit/ccaa3996047fe00048d5993ab2dd43ebadd4f78b
3
reference_url https://github.com/sequelize/sequelize/issues/14519
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-10T21:02:23Z/
url https://github.com/sequelize/sequelize/issues/14519
4
reference_url https://github.com/sequelize/sequelize/releases/tag/v6.19.1
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-10T21:02:23Z/
url https://github.com/sequelize/sequelize/releases/tag/v6.19.1
5
reference_url https://security.snyk.io/vuln/SNYK-JS-SEQUELIZE-2932027
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.snyk.io/vuln/SNYK-JS-SEQUELIZE-2932027
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25813
reference_id CVE-2023-25813
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25813
7
reference_url https://github.com/advisories/GHSA-wrh9-cjv3-2hpw
reference_id GHSA-wrh9-cjv3-2hpw
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wrh9-cjv3-2hpw
8
reference_url https://github.com/sequelize/sequelize/security/advisories/GHSA-wrh9-cjv3-2hpw
reference_id GHSA-wrh9-cjv3-2hpw
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-10T21:02:23Z/
url https://github.com/sequelize/sequelize/security/advisories/GHSA-wrh9-cjv3-2hpw
fixed_packages
0
url pkg:npm/sequelize@6.19.1
purl pkg:npm/sequelize@6.19.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3ugq-njms-xkgd
1
vulnerability VCID-gzz4-8wz6-f3f9
2
vulnerability VCID-xn4n-x26m-5qdx
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@6.19.1
aliases CVE-2023-25813, GHSA-wrh9-cjv3-2hpw
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zk15-66xk-2ydf
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@3.19.3