Medium severity5.4NVD Advisory· Published Jun 12, 2025· Updated Jun 17, 2026
CVE-2025-29744
CVE-2025-29744
Description
pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pg-promisenpm | < 11.5.5 | 11.5.5 |
Affected products
2Patches
Vulnerability mechanics
References
4- www.sonarsource.com/blog/double-dash-double-trouble-a-subtle-sql-injection-flaw/nvdExploitThird Party Advisory
- github.com/advisories/GHSA-ff9h-848c-4xfjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-29744ghsaADVISORY
- www.sonarsource.com/blog/double-dash-double-trouble-a-subtle-sql-injection-flawghsaWEB
News mentions
0No linked articles in our index yet.