VYPR

Typeorm

by Typeorm

npm: typeorm

Source repositories

CVEs (2)

  • CVE-2025-60542MedOct 29, 2025
    risk 0.35cvss 6.5epss 0.00

    SQL Injection vulnerability in TypeORM before 0.3.26 via crafted request to repository.save or repository.update due to the sqlstring call using stringifyObjects default to false.

  • CVE-2022-33171Jul 4, 2022
    risk 0.00cvss epss 0.20

    The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's…