Lookup for vulnerable packages by Package URL.

Purl pkg:npm/%40payloadcms/drizzle@3.61.0-internal.c252d14
Type npm
Namespace @payloadcms
Name drizzle
Version 3.61.0-internal.c252d14
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.73.0
Latest_non_vulnerable_version 3.73.0
Affected_by_vulnerabilities
0
url VCID-m66u-capz-nqcx
vulnerability_id VCID-m66u-capz-nqcx
summary
@payloadcms/drizzle has SQL Injection in JSON/RichText Queries on PostgreSQL/SQLite Adapters
When querying JSON or richText fields, user input was directly embedded into SQL without escaping, enabling blind SQL Injection attacks. An unauthenticated attacker could extract sensitive data (emails, password reset tokens) and achieve full account takeover without password cracking.

**Users are affected if ALL of these are true:**

1. Payload version < v3.73.0
2. Using a Drizzle-based database adapter (`@payloadcms/drizzle` as dependency):
- `@payloadcms/db-postgres`
- `@payloadcms/db-vercel-postgres`
- `@payloadcms/db-sqlite`
- `@payloadcms/db-d1-sqlite`
3. At least one accessible collection that has a `type: 'json'` or `type: 'richText'` field where `access.read` returns anything other than `false` (`true` or `Where` constraint)

**Users are NOT affected if:**

- Using `@payloadcms/db-mongodb`
- No JSON or richText fields exist in any collection
- All JSON/richText fields have `access: { read: () => false }`
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25544
reference_id
reference_type
scores
0
value 0.00039
scoring_system epss
scoring_elements 0.11997
published_at 2026-06-07T12:55:00Z
1
value 0.00039
scoring_system epss
scoring_elements 0.12036
published_at 2026-06-06T12:55:00Z
2
value 0.00039
scoring_system epss
scoring_elements 0.12041
published_at 2026-06-05T12:55:00Z
3
value 0.00045
scoring_system epss
scoring_elements 0.14124
published_at 2026-06-09T12:55:00Z
4
value 0.00045
scoring_system epss
scoring_elements 0.14101
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25544
1
reference_url https://github.com/payloadcms/payload
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/payloadcms/payload
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25544
reference_id CVE-2026-25544
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25544
3
reference_url https://github.com/advisories/GHSA-xx6w-jxg9-2wh8
reference_id GHSA-xx6w-jxg9-2wh8
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xx6w-jxg9-2wh8
4
reference_url https://github.com/payloadcms/payload/security/advisories/GHSA-xx6w-jxg9-2wh8
reference_id GHSA-xx6w-jxg9-2wh8
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-09T15:22:49Z/
url https://github.com/payloadcms/payload/security/advisories/GHSA-xx6w-jxg9-2wh8
fixed_packages
0
url pkg:npm/%40payloadcms/drizzle@3.73.0
purl pkg:npm/%40payloadcms/drizzle@3.73.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540payloadcms/drizzle@3.73.0
aliases CVE-2026-25544, GHSA-xx6w-jxg9-2wh8
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m66u-capz-nqcx
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540payloadcms/drizzle@3.61.0-internal.c252d14