Vendor: Typeorm
Products: 1
CVEs: 2
Across products: 2
Status: Private

Products (1)
- Typeorm (npm), 2 CVEs

Recent CVEs (2)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-60542 | | Med | 0.35 | 6.5 | 0.00 | | Oct 29, 2025 | SQL Injection vulnerability in TypeORM before 0.3.26 via crafted request to repository.save or repository.update due to the sqlstring call using stringifyObjects default to false. |
| CVE-2022-33171 | | | 0.00 | — | 0.20 | | Jul 4, 2022 | The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's… |