VulnerableCode Package Details - pkg:npm/sequelize@3.17.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/sequelize@3.17.0

Essentials
History (15)

purl	pkg:npm/sequelize@3.17.0

Next non-vulnerable version	6.37.8
Latest non-vulnerable version	7.0.0-next.1
Risk	4.5

Vulnerabilities affecting this package (11)

Vulnerability	Summary	Fixed by
VCID-1vrt-1c8d-a7f8 Aliases: CVE-2023-22579 GHSA-vqfx-gj96-3w95	Due to improper parameter filtering in the sequalize js library, can a attacker peform injection.	6.28.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 7.0.0-alpha.1 Affected by 0 other vulnerabilities. 7.0.0-next.1 Affected by 0 other vulnerabilities.
VCID-52ex-weu3-4kfa Aliases: CVE-2016-10556 GHSA-9c2p-jw8p-f84v	SQL Injection in sequelize	3.20.0 Affected by 9 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-9w1y-5mj4-k7ak Aliases: GMS-2016-41	SQL Injection via GeoJSON SequelizeJS is vulnerable to SQL injection via GeoJSON documents containing a value with a single quote. This vulnerability affects postresql/postgis as well as MySQL.	3.23.5 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.0.0-0 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-ezu8-tyrr-97h8 Aliases: CVE-2023-22580 GHSA-8c25-f3mj-v6h8	Due to improper input filtering in the sequalize js library, can malicious queries lead to sensitive information disclosure.	6.28.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 7.0.0-alpha.1 Affected by 0 other vulnerabilities. 7.0.0-next.1 Affected by 0 other vulnerabilities.
VCID-fb24-gte1-eye2 Aliases: CVE-2019-10749 GHSA-2598-2f59-rmhq	SQL Injection in sequelize	3.35.1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-hfs8-z16t-a3bk Aliases: GMS-2016-78	Improper Escaping of Bound Arrays In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped.	3.20.0 Affected by 9 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-j3y1-tes7-skgx Aliases: CVE-2019-10748 GHSA-j9xp-92vc-559j	SQL Injection in sequelize	3.35.1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.44.3 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 5.8.11 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 5.8.12 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-knsq-g276-cud8 Aliases: GHSA-fw4p-36j9-rrj3 GMS-2020-771	Denial of Service in sequelize	4.44.4 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-pvvd-pgxk-6fb8 Aliases: CVE-2023-25813 GHSA-wrh9-cjv3-2hpw	Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL injection exploit exists related to replacements. Parameters which are passed through replacements are not properly escaped which can lead to arbitrary SQL injection depending on the specific queries in use. The issue has been fixed in Sequelize 6.19.1. Users are advised to upgrade. Users unable to upgrade should not use the `replacements` and the `where` option in the same query.	6.19.1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-q3k8-z561-5fgp Aliases: CVE-2016-1000225 GHSA-5v9h-q3gj-c32x GMS-2020-770	SQL Injection via GeoJSON in sequelize	3.23.6 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-qn7w-5asy-tqdh Aliases: GHSA-wfp9-vr4j-f49j GMS-2019-139	NoSQL Injection in sequelize	4.12.0 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (2)

Vulnerability	Summary	Aliases
VCID-46gy-pvx2-juds	SQL Injection via LIMIT and ORDER If user input goes into the `limit` or `order` parameters, a malicious user can put in their own SQL statements.	GMS-2016-76
VCID-f2fe-3pwh-gqfm	SQL Injection in sequelize	CVE-2016-10550 GHSA-98pq-pmw9-4gpm

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-13T16:41:49.002599+00:00	GitLab Importer	Affected by	VCID-knsq-g276-cud8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/sequelize/GMS-2020-771.yml	38.6.0
2026-06-13T16:40:39.726958+00:00	GitLab Importer	Affected by	VCID-q3k8-z561-5fgp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/sequelize/GMS-2020-770.yml	38.6.0
2026-06-12T18:47:22.891606+00:00	GitLab Importer	Affected by	VCID-pvvd-pgxk-6fb8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/sequelize/CVE-2023-25813.yml	38.6.0
2026-06-12T18:47:02.318065+00:00	GitLab Importer	Affected by	VCID-ezu8-tyrr-97h8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/sequelize/CVE-2023-22580.yml	38.6.0
2026-06-12T18:46:43.404781+00:00	GitLab Importer	Affected by	VCID-1vrt-1c8d-a7f8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/sequelize/CVE-2023-22579.yml	38.6.0
2026-06-12T17:15:15.833999+00:00	GitLab Importer	Affected by	VCID-fb24-gte1-eye2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/sequelize/CVE-2019-10749.yml	38.6.0
2026-06-12T17:15:13.778428+00:00	GitLab Importer	Affected by	VCID-j3y1-tes7-skgx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/sequelize/CVE-2019-10748.yml	38.6.0
2026-06-12T17:11:43.953411+00:00	GitLab Importer	Affected by	VCID-qn7w-5asy-tqdh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/sequelize/GMS-2019-139.yml	38.6.0
2026-06-12T16:59:16.522257+00:00	GitLab Importer	Affected by	VCID-52ex-weu3-4kfa	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/sequelize/CVE-2016-10556.yml	38.6.0
2026-06-12T16:51:04.555326+00:00	GitLab Importer	Affected by	VCID-hfs8-z16t-a3bk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/sequelize/GMS-2016-78.yml	38.6.0
2026-06-12T16:50:34.397024+00:00	GitLab Importer	Affected by	VCID-9w1y-5mj4-k7ak	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/sequelize/GMS-2016-41.yml	38.6.0
2026-06-12T15:41:29.943518+00:00	GitLab Importer	Fixing	VCID-f2fe-3pwh-gqfm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/sequelize/CVE-2016-10550.yml	38.6.0
2026-06-12T15:39:32.024201+00:00	GitLab Importer	Fixing	VCID-46gy-pvx2-juds	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/sequelize/GMS-2016-76.yml	38.6.0
2026-06-12T08:11:12.801868+00:00	GithubOSV Importer	Fixing	VCID-f2fe-3pwh-gqfm	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/02/GHSA-98pq-pmw9-4gpm/GHSA-98pq-pmw9-4gpm.json	38.6.0
2026-06-11T20:25:04.861395+00:00	GHSA Importer	Fixing	VCID-f2fe-3pwh-gqfm	https://github.com/advisories/GHSA-98pq-pmw9-4gpm	38.6.0