VYPR
Vendor

Typeorm

Products
1
CVEs
2
Across products
2
Status
Private

Products

1

Recent CVEs

2
  • CVE-2025-60542MedOct 29, 2025
    risk 0.35cvss 6.5epss 0.00

    SQL Injection vulnerability in TypeORM before 0.3.26 via crafted request to repository.save or repository.update due to the sqlstring call using stringifyObjects default to false.

  • CVE-2022-33171Jul 4, 2022
    risk 0.00cvss epss 0.20

    The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's…