VYPR

npm package

drizzle-orm

pkg:npm/drizzle-orm

Vulnerabilities (1)

  • CVE-2026-39356HigApr 7, 2026
    affected < 0.45.2fixed 0.45.2

    Drizzle is a modern TypeScript ORM. Prior to 0.45.2 and 1.0.0-beta.20, Drizzle ORM improperly escaped quoted SQL identifiers in its dialect-specific escapeName() implementations. In affected versions, embedded identifier delimiters were not escaped before the identifier was wrapp