VYPR

npm package

@mikro-orm/core

pkg:npm/%40mikro-orm/core

Vulnerabilities (2)

  • CVE-2026-34221CriMar 31, 2026
    affected < 6.6.10fixed 6.6.10

    MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions 6.6.10 and 7.0.6, a prototype pollution vulnerability exists in the Utils.merge helper used internally by MikroORM when merging object structures. The function

  • CVE-2026-34220CriMar 31, 2026
    affected < 6.6.10fixed 6.6.10

    MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions 6.6.10 and 7.0.6, there is a SQL injection vulnerability when specially crafted objects are interpreted as raw SQL query fragments. This issue has been patched