Vulnerability details: VCID-q3k8-z561-5fgp
Vulnerability ID VCID-q3k8-z561-5fgp
Aliases CVE-2016-1000225
GHSA-5v9h-q3gj-c32x
GMS-2020-770
Summary SQL Injection via GeoJSON in sequelize
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Weaknesses (3)
System Score Found at
cvssv3 9.8 http://docs.sequelizejs.com/en/latest/api/datatypes/#geometry
cvssv3 9.8 http://geojson.org/
epss 0.06541 https://api.first.org/data/v1/epss?cve=CVE-2016-1000225
cvssv3.1_qr CRITICAL https://github.com/advisories/GHSA-5v9h-q3gj-c32x
cvssv3 9.8 https://github.com/nodejs/security-wg/blob/main/vuln/npm/122.json
cvssv3.1 9.8 https://github.com/sequelize/sequelize
generic_textual CRITICAL https://github.com/sequelize/sequelize
cvssv3.1 9.8 https://github.com/sequelize/sequelize/commit/14e3deaf3ad27f12900e5275db1d448844c9de3e
generic_textual CRITICAL https://github.com/sequelize/sequelize/commit/14e3deaf3ad27f12900e5275db1d448844c9de3e
cvssv3.1 9.8 https://github.com/sequelize/sequelize/commit/18ac91040d9c57351d26ba998f460e214255b704
generic_textual CRITICAL https://github.com/sequelize/sequelize/commit/18ac91040d9c57351d26ba998f460e214255b704
cvssv3.1 9.8 https://github.com/sequelize/sequelize/commit/562d52585902090f4e53eb21c61314098c29d795
generic_textual CRITICAL https://github.com/sequelize/sequelize/commit/562d52585902090f4e53eb21c61314098c29d795
cvssv3.1 9.8 https://github.com/sequelize/sequelize/commit/f93af43a1d86400487f5e3d9762f1a4b7cf6b1e1
generic_textual CRITICAL https://github.com/sequelize/sequelize/commit/f93af43a1d86400487f5e3d9762f1a4b7cf6b1e1
cvssv3 9.8 https://github.com/sequelize/sequelize/issues/6194
cvssv3.1 9.8 https://github.com/sequelize/sequelize/issues/6194
generic_textual CRITICAL https://github.com/sequelize/sequelize/issues/6194
cvssv3.1 9.8 https://github.com/sequelize/sequelize/pull/6302
generic_textual CRITICAL https://github.com/sequelize/sequelize/pull/6302
cvssv3.1 9.8 https://github.com/sequelize/sequelize/pull/6306
generic_textual CRITICAL https://github.com/sequelize/sequelize/pull/6306
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2016-1000225
generic_textual CRITICAL https://nvd.nist.gov/vuln/detail/CVE-2016-1000225
cvssv3.1 9.8 https://snyk.io/vuln/npm:sequelize:20160718
generic_textual CRITICAL https://snyk.io/vuln/npm:sequelize:20160718
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/sequelize/sequelize
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/sequelize/sequelize/commit/14e3deaf3ad27f12900e5275db1d448844c9de3e
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/sequelize/sequelize/commit/18ac91040d9c57351d26ba998f460e214255b704
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/sequelize/sequelize/commit/562d52585902090f4e53eb21c61314098c29d795
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/sequelize/sequelize/commit/f93af43a1d86400487f5e3d9762f1a4b7cf6b1e1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/sequelize/sequelize/issues/6194
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/sequelize/sequelize/pull/6302
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/sequelize/sequelize/pull/6306
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-1000225
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://snyk.io/vuln/npm:sequelize:20160718
Exploit Prediction Scoring System (EPSS)
Percentile 0.91367
EPSS Score 0.06541
Published At June 12, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T20:26:28.012631+00:00 GHSA Importer Import https://github.com/advisories/GHSA-5v9h-q3gj-c32x 38.6.0