Sequelize.js
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-30951 | | | 0.00 | — | 0.00 | | Mar 10, 2026 | Sequelize is a Node.js ORM tool. Prior to 6.37.8, there is SQL injection via unescaped cast type in JSON/JSONB where clause processing. The _traverseJSON() function splits JSON path keys on :: to extract a cast type, which is interpolated raw into CAST(... AS ) SQL. An attacker who controls JSON object keys can inject arbitrary SQL and exfiltrate data from any table. This vulnerability is fixed in 6.37.8. |
| CVE-2023-22579 | | | 0.00 | — | 0.00 | | Feb 16, 2023 | Due to improper parameter filtering in the Sequelize.js library, an attacker can perform injection. |
| CVE-2023-22578 | | | 0.00 | — | 0.00 | | Feb 16, 2023 | Due to improper attribute filtering in the Sequelize.js library, an attacker can perform SQL injections. |
| CVE-2023-22580 | | | 0.00 | — | 0.00 | | Feb 16, 2023 | Due to improper input filtering in the Sequelize.js library, malicious queries can lead to sensitive information disclosure. |