Critical severity9.8NVD Advisory· Published May 31, 2018· Updated Jun 17, 2026
CVE-2016-10554
CVE-2016-10554
Description
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. Before version 1.7.0-alpha3, sequelize defaulted SQLite to use MySQL backslash escaping, even though SQLite uses Postgres escaping.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
sequelizenpm | < 1.7.0 | 1.7.0 |
Affected products
2- HackerOne/sequelize node modulev5Range: <= 1.7.0-alpha2
Patches
Vulnerability mechanics
References
5- github.com/sequelize/sequelize/commit/c876192aa6ce1f67e22b26a4d175b8478615f42dnvdPatchThird Party AdvisoryWEB
- nodesecurity.io/advisories/113nvdPatchThird Party Advisory
- github.com/advisories/GHSA-x2jc-pwfj-h9p3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-10554ghsaADVISORY
- www.npmjs.com/advisories/113ghsaWEB
News mentions
0No linked articles in our index yet.