{"url":"http://public2.vulnerablecode.io/api/packages/91499?format=json","purl":"pkg:npm/sequelize@1.7.7","type":"npm","namespace":"","name":"sequelize","version":"1.7.7","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.35.1","latest_non_vulnerable_version":"7.0.0-next.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12353?format=json","vulnerability_id":"VCID-37w2-g8bf-wqgk","summary":"SQL Injection\nsequelize is vulnerable to SQLi allowing attackers to delete data in the `TestTable` table.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10556","reference_id":"","reference_type":"","scores":[{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44648","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10556"},{"reference_url":"https://github.com/sequelize/sequelize/commit/23952a2b020cc3571f090e67dae7feb084e1be71","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/commit/23952a2b020cc3571f090e67dae7feb084e1be71"},{"reference_url":"https://github.com/sequelize/sequelize/commits/v3.20.0?after=62e4dacb28a779a190a3e042b971dcd8c7926e49+34&branch=v3.20.0&qualified_name=refs%2Ftags%2Fv3.20.0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/commits/v3.20.0?after=62e4dacb28a779a190a3e042b971dcd8c7926e49+34&branch=v3.20.0&qualified_name=refs%2Ftags%2Fv3.20.0"},{"reference_url":"https://github.com/sequelize/sequelize/issues/5671","reference_id":"","reference_type
":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/issues/5671"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-10556","reference_id":"CVE-2016-10556","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-10556"},{"reference_url":"https://github.com/advisories/GHSA-9c2p-jw8p-f84v","reference_id":"GHSA-9c2p-jw8p-f84v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9c2p-jw8p-f84v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51908?format=json","purl":"pkg:npm/sequelize@3.20.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a8a3-z2yk-3kf2"},{"vulnerability":"VCID-dpmr-kvdq-nfea"},{"vulnerability":"VCID-qpvj-3m3m-z3g7"},{"vulnerability":"VCID-ucx1-bd7b-pfbm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@3.20.0"}],"aliases":["CVE-2016-10556","GHSA-9c2p-jw8p-f84v"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-37w2-g8bf-wqgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13350?format=json","vulnerability_id":"VCID-392u-rg11-afek","summary":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nsequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. 
A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10553","reference_id":"","reference_type":"","scores":[{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50256","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10553"},{"reference_url":"https://github.com/sequelize/sequelize/blob/master/changelog.md#300","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/blob/master/changelog.md#300"},{"reference_url":"https://nodesecurity.io/advisories/109","reference_id":"","reference_type":"","scores":[],"url":"https://nodesecurity.io/advisories/109"},{"reference_url":"https://www.npmjs.com/advisories/109","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/109"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-10553","reference_id":"CVE-2016-10553","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-10553"},{"reference_url":"https://github.com/advisories/GHSA-2v7q-2xqx-f4q5","reference_id":"GHSA-2v7q-2xqx-f4q5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2v7q-2xqx-f4q5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51915?format=json","purl":"pkg:npm/sequelize@3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37w2-g8bf-wqgk"},{"vulnerability":"VCID-8uq9-b2su-r3e2"},{"vulnerability":"VCID-a8a3-z2yk-3kf2"},{"vulnerability":"VCID-dpmr-kvdq-nf
ea"},{"vulnerability":"VCID-p7xu-p4jq-cfhy"},{"vulnerability":"VCID-qpvj-3m3m-z3g7"},{"vulnerability":"VCID-ucx1-bd7b-pfbm"},{"vulnerability":"VCID-vxmd-s4h7-nkbx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@3.0.0"}],"aliases":["CVE-2016-10553","GHSA-2v7q-2xqx-f4q5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-392u-rg11-afek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11051?format=json","vulnerability_id":"VCID-5yjy-bjc7-muar","summary":"Potential SQL Injection\nSequelize contains a potential SQL injection.","references":[{"reference_url":"https://github.com/sequelize/sequelize/blob/master/changelog.md#300","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/sequelize/sequelize/blob/master/changelog.md#300"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51915?format=json","purl":"pkg:npm/sequelize@3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37w2-g8bf-wqgk"},{"vulnerability":"VCID-8uq9-b2su-r3e2"},{"vulnerability":"VCID-a8a3-z2yk-3kf2"},{"vulnerability":"VCID-dpmr-kvdq-nfea"},{"vulnerability":"VCID-p7xu-p4jq-cfhy"},{"vulnerability":"VCID-qpvj-3m3m-z3g7"},{"vulnerability":"VCID-ucx1-bd7b-pfbm"},{"vulnerability":"VCID-vxmd-s4h7-nkbx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@3.0.0"}],"aliases":["GMS-2016-81"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5yjy-bjc7-muar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13347?format=json","vulnerability_id":"VCID-8uq9-b2su-r3e2","summary":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nsequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL 
Server into usable data for NodeJS. If user input goes into the `limit` or `order` parameters, a malicious user can put in their own SQL statements. This affects sequelize 3.16.0 and earlier.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10550","reference_id":"","reference_type":"","scores":[{"value":"0.00486","scoring_system":"epss","scoring_elements":"0.65701","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10550"},{"reference_url":"https://github.com/sequelize/sequelize/pull/5167/commits/f282d85e60e3df5e57ecdb82adccb4eaef404f03","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/pull/5167/commits/f282d85e60e3df5e57ecdb82adccb4eaef404f03"},{"reference_url":"https://nodesecurity.io/advisories/112","reference_id":"","reference_type":"","scores":[],"url":"https://nodesecurity.io/advisories/112"},{"reference_url":"https://www.npmjs.com/advisories/112","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/112"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-10550","reference_id":"CVE-2016-10550","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-10550"},{"reference_url":"https://github.com/advisories/GHSA-98pq-pmw9-4gpm","reference_id":"GHSA-98pq-pmw9-4gpm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-98pq-pmw9-4gpm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51903?format=json","purl":"pkg:npm/sequelize@3.17.0","is_vulnerable":true,"affected_by_vulnerabi
lities":[{"vulnerability":"VCID-37w2-g8bf-wqgk"},{"vulnerability":"VCID-a8a3-z2yk-3kf2"},{"vulnerability":"VCID-dpmr-kvdq-nfea"},{"vulnerability":"VCID-qpvj-3m3m-z3g7"},{"vulnerability":"VCID-ucx1-bd7b-pfbm"},{"vulnerability":"VCID-vxmd-s4h7-nkbx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@3.17.0"}],"aliases":["CVE-2016-10550","GHSA-98pq-pmw9-4gpm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8uq9-b2su-r3e2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13657?format=json","vulnerability_id":"VCID-a8a3-z2yk-3kf2","summary":"NoSQL Injection in sequelize\nVersions of `sequelize` prior to 4.12.0 are vulnerable to NoSQL Injection. Query operators such as `$gt` are not properly sanitized and may allow an attacker to alter data queries, leading to NoSQL Injection.\n\n\n## Recommendation\n\nUpgrade to version 4.12.0 or later","references":[{"reference_url":"https://github.com/sequelize/sequelize","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize"},{"reference_url":"https://github.com/sequelize/sequelize/commit/ccb99daedb69e8750a241436415ccac8abef358d","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/commit/ccb99daedb69e8750a241436415ccac8abef358d"},{"reference_url":"https://github.com/sequelize/sequelize/issues/7310","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/issues/7310"},{"reference_url":"https://github.com/sequelize/sequelize/pull/8240","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://
github.com/sequelize/sequelize/pull/8240"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-SEQUELIZE-174147","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-SEQUELIZE-174147"},{"reference_url":"https://www.npmjs.com/advisories/820","reference_id":"","reference_type":"","scores":[],"url":"https://www.npmjs.com/advisories/820"},{"reference_url":"https://www.npmjs.com/advisories/820/versions","reference_id":"","reference_type":"","scores":[],"url":"https://www.npmjs.com/advisories/820/versions"},{"reference_url":"https://github.com/advisories/GHSA-wfp9-vr4j-f49j","reference_id":"GHSA-wfp9-vr4j-f49j","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wfp9-vr4j-f49j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57136?format=json","purl":"pkg:npm/sequelize@4.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dpmr-kvdq-nfea"},{"vulnerability":"VCID-vdmt-fc2v-13dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@4.12.0"}],"aliases":["GHSA-wfp9-vr4j-f49j","GMS-2019-139"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a8a3-z2yk-3kf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11043?format=json","vulnerability_id":"VCID-p7xu-p4jq-cfhy","summary":"SQL Injection via LIMIT and ORDER\nIf user input goes into the `limit` or `order` parameters, a malicious user can put in their own SQL 
statements.","references":[{"reference_url":"https://github.com/sequelize/sequelize/pull/5167/commits/f282d85e60e3df5e57ecdb82adccb4eaef404f03","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/sequelize/sequelize/pull/5167/commits/f282d85e60e3df5e57ecdb82adccb4eaef404f03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51903?format=json","purl":"pkg:npm/sequelize@3.17.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37w2-g8bf-wqgk"},{"vulnerability":"VCID-a8a3-z2yk-3kf2"},{"vulnerability":"VCID-dpmr-kvdq-nfea"},{"vulnerability":"VCID-qpvj-3m3m-z3g7"},{"vulnerability":"VCID-ucx1-bd7b-pfbm"},{"vulnerability":"VCID-vxmd-s4h7-nkbx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@3.17.0"}],"aliases":["GMS-2016-76"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p7xu-p4jq-cfhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/136875?format=json","vulnerability_id":"VCID-qpvj-3m3m-z3g7","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10749","reference_id":"","reference_type":"","scores":[{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.58235","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10749"},{"reference_url":"https://github.com/sequelize/sequelize/commit/ee4017379db0059566ecb5424274ad4e2d66bc68","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/commit/ee4017379db0059566ecb5424274ad4e2d66bc68"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450222","reference_id":"","reference_type":"","scores":[{"value":"9.8","s
coring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450222"},{"reference_url":"https://www.npmjs.com/advisories/1017","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/1017"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10749","reference_id":"CVE-2019-10749","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10749"},{"reference_url":"https://github.com/advisories/GHSA-2598-2f59-rmhq","reference_id":"GHSA-2598-2f59-rmhq","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2598-2f59-rmhq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74326?format=json","purl":"pkg:npm/sequelize@3.35.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@3.35.1"}],"aliases":["CVE-2019-10749","GHSA-2598-2f59-rmhq"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qpvj-3m3m-z3g7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10615?format=json","vulnerability_id":"VCID-tqwg-1tqs-gkeh","summary":"SQL Injection in Order\nSQL Injection is possible in an application using the npm module sequelize if untrusted user input is passed into the order parameter. 
Example: ``` Test.findAndCountAll({ where: { id :1 }, order : [['id', 'UNTRUSTED USER INPUT']] }) ```","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1369","reference_id":"","reference_type":"","scores":[{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58451","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1369"},{"reference_url":"https://github.com/sequelize/sequelize","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize"},{"reference_url":"https://github.com/sequelize/sequelize/issues/2906","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/issues/2906"},{"reference_url":"https://github.com/sequelize/sequelize/pull/2919","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sequelize/sequelize/pull/2919"},{"reference_url":"https://www.npmjs.com/advisories/33","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/33"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/01/23/2","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2015/01/23/2"},{"reference_url":"https://github.com/nodejs/security-wg/blob/main/vuln/npm/33.json","reference_id":"33","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://github.com/nodejs/security-wg/blob/main/vuln/npm/33.json"},{"reference_url":"https://nvd.nist.g
ov/vuln/detail/CVE-2015-1369","reference_id":"CVE-2015-1369","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1369"},{"reference_url":"https://github.com/advisories/GHSA-xqg8-cv3h-xppv","reference_id":"GHSA-xqg8-cv3h-xppv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xqg8-cv3h-xppv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51065?format=json","purl":"pkg:npm/sequelize@2.0.0-rc8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37w2-g8bf-wqgk"},{"vulnerability":"VCID-392u-rg11-afek"},{"vulnerability":"VCID-5yjy-bjc7-muar"},{"vulnerability":"VCID-8uq9-b2su-r3e2"},{"vulnerability":"VCID-a8a3-z2yk-3kf2"},{"vulnerability":"VCID-p7xu-p4jq-cfhy"},{"vulnerability":"VCID-qpvj-3m3m-z3g7"},{"vulnerability":"VCID-ucx1-bd7b-pfbm"},{"vulnerability":"VCID-vxmd-s4h7-nkbx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@2.0.0-rc8"}],"aliases":["CVE-2015-1369","GHSA-xqg8-cv3h-xppv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tqwg-1tqs-gkeh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10968?format=json","vulnerability_id":"VCID-ucx1-bd7b-pfbm","summary":"SQL Injection via GeoJSON\nSequelizeJS is vulnerable to SQL injection via GeoJSON documents containing a value with a single quote. 
This vulnerability affects PostgreSQL/PostGIS as well as MySQL.","references":[{"reference_url":"https://github.com/sequelize/sequelize/issues/6194","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/sequelize/sequelize/issues/6194"},{"reference_url":"https://github.com/sequelize/sequelize/pull/6302/commits/f93af43a1d86400487f5e3d9762f1a4b7cf6b1e1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/sequelize/sequelize/pull/6302/commits/f93af43a1d86400487f5e3d9762f1a4b7cf6b1e1"},{"reference_url":"https://github.com/sequelize/sequelize/pull/6303/commits/a81ac1f38476d553c92d522913e91c6e07acc4fa","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/sequelize/sequelize/pull/6303/commits/a81ac1f38476d553c92d522913e91c6e07acc4fa"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51775?format=json","purl":"pkg:npm/sequelize@3.23.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a8a3-z2yk-3kf2"},{"vulnerability":"VCID-dpmr-kvdq-nfea"},{"vulnerability":"VCID-qpvj-3m3m-z3g7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@3.23.5"},{"url":"http://public2.vulnerablecode.io/api/packages/96865?format=json","purl":"pkg:npm/sequelize@4.0.0-0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a8a3-z2yk-3kf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@4.0.0-0"}],"aliases":["GMS-2016-41"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ucx1-bd7b-pfbm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11046?format=json","vulnerability_id":"VCID-vxmd-s4h7-nkbx","summary":"Improper Escaping of Bound Arrays\nIn Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly 
escaped.","references":[{"reference_url":"https://github.com/sequelize/sequelize/issues/5671","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/sequelize/sequelize/issues/5671"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51908?format=json","purl":"pkg:npm/sequelize@3.20.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a8a3-z2yk-3kf2"},{"vulnerability":"VCID-dpmr-kvdq-nfea"},{"vulnerability":"VCID-qpvj-3m3m-z3g7"},{"vulnerability":"VCID-ucx1-bd7b-pfbm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@3.20.0"}],"aliases":["GMS-2016-78"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vxmd-s4h7-nkbx"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sequelize@1.7.7"}