VYPR

Mikroorm

by Mikro ORM

Source repositories

CVEs (3)

  • CVE-2026-34220CriMar 31, 2026
    risk 0.57cvss 9.8epss 0.00

    MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions 6.6.10 and 7.0.6, there is a SQL injection vulnerability when specially crafted objects are interpreted as raw SQL query fragments. This issue has been…

  • CVE-2026-34221CriMar 31, 2026
    risk 0.52cvss 9.1epss 0.00

    MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions 6.6.10 and 7.0.6, a prototype pollution vulnerability exists in the Utils.merge helper used internally by MikroORM when merging object structures. The…

  • CVE-2026-44680HigMay 26, 2026
    risk 0.45cvss 7.6epss 0.01

    MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper (Platform.quoteIdentifier and the postgres/mssql overrides) and its JSON-path…