36 matches found
K000161154: Sequelize vulnerability CVE-2026-30951
Security Advisory Description Sequelize is a Node.js ORM tool. Prior to 6.37.8, there is SQL injection via unescaped cast type in JSON/JSONB where clause processing. The traverseJSON function splits JSON path keys on :: to extract a cast type, which is interpolated raw into CAST... AS SQL. An...
@142vip/egg (>=0.0.1-alpha.1 <=0.0.1-alpha.6), @142vip/egg-axios (>=0.0.1-alpha.1 <=0.0.1-alpha.2) +302 more potentially affected by CVE-2026-30951 via sequelize (>=6.0.0-beta.4 <=6.37.7)
sequelize NPM version =6.0.0-beta.4, =0.0.1-alpha.1, =0.0.1-alpha.1, =0.0.1-alpha.2, =0.0.1-alpha.2, =0.0.1-alpha.2, =1.2.3, =1.0.0, =15.0.0, =1.0.0, =0.18.0, =5.0.0-alpha.3, =13.5.0, =1.0.70, =1.0.155 and more Source cves: CVE-2026-30951 Source advisory: SNYK:JS-SEQUELIZE-15456219...
@142vip/egg (>=0.0.1-alpha.1 <=0.0.1-alpha.6), @142vip/egg-axios (>=0.0.1-alpha.1 <=0.0.1-alpha.2) +302 more potentially affected by CVE-2026-30951 via sequelize (>=6.0.0-beta.4 <=6.37.7)
sequelize NPM version =6.0.0-beta.4, =0.0.1-alpha.1, =0.0.1-alpha.1, =0.0.1-alpha.2, =0.0.1-alpha.2, =0.0.1-alpha.2, =1.2.3, =1.0.0, =15.0.0, =1.0.0, =0.18.0, =5.0.0-alpha.3, =13.5.0, =1.0.70, =1.0.155 and more Source cves: CVE-2026-30951 Source advisory: OSV:GHSA-6457-6JRX-69CR...
Linux Distros Unpatched Vulnerability : CVE-2026-30951
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sequelize is a Node.js ORM tool. Prior to 6.37.8, there is SQL injection via unescaped cast type in JSON/JSONB where clause processing. The traverseJSON functio...
CVE-2026-30951
A flaw was found in Sequelize, a Node.js Object-Relational Mapper (ORM) tool. A remote attacker can exploit a SQL injection vulnerability by manipulating JSON object keys during JSON/JSONB where clause processing. This allows for the injection of arbitrary SQL commands due to the improper handling ...
CVE-2026-30951
Sequelize is a Node.js ORM tool. Prior to 6.37.8, there is SQL injection via unescaped cast type in JSON/JSONB where clause processing. The traverseJSON function splits JSON path keys on :: to extract a cast type, which is interpolated raw into CAST... AS SQL. An attacker who controls JSON object...
CVE-2026-30951
creationtimestamp| type| source
---|---|---
2026-03-09 21:42:50+00:00| published-proof-of-concept| https://github.com/sequelize/sequelize/security/advisories/GHSA-6457-6jrx-69cr
2026-03-18 20:20:08+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mhecqtuljb2h
2026-04-05 18:00:04+00:00|...
CVE-2025-30951
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stiofan BlockStrap Page Builder - Bootstrap Blocks blockstrap-page-builder-blocks allows Stored XSS. This issue affects BlockStrap Page Builder - Bootstrap Blocks: from n/a through <= 0.1.36...
CVE-2025-30951 WordPress BlockStrap Page Builder - Bootstrap Blocks plugin <= 0.1.36 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stiofan BlockStrap Page Builder - Bootstrap Blocks blockstrap-page-builder-blocks allows Stored XSS. This issue affects BlockStrap Page Builder - Bootstrap Blocks: from n/a through <= 0.1.36...
WordPress BlockStrap Page Builder - Bootstrap Blocks plugin <= 0.1.36 - Cross Site Scripting (XSS) Vulnerability
WordPress BlockStrap Page Builder - Bootstrap Blocks plugin <= 0.1.36 - Cross Site Scripting (XSS) Vulnerability discovered by Prissy in WordPress Plugin BlockStrap Page Builder - Bootstrap Blocks versions <= 0.1.36...
CVE-2023-30951
The Foundry Magritte plugin rest-source was found to be vulnerable to an XML external Entity attack (XXE)...
CVE-2024-30951
FUDforum v3.1.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the chpos parameter at /adm/admsmiley.php...
CVE-2023-30951
The Foundry Magritte plugin rest-source was found to be vulnerable to an XML external Entity attack (XXE)...
CVE-2023-30951
Summary: CVE-2023-30951 concerns the Foundry Magritte plugin rest-source, which is reported to be vulnerable to an XML External Entity (XXE) attack. Affected component: Rest-source plugin for Foundry Magritte (exact versions not specified in the provided documents). Root cause / vulnerability typ...
CVE-2023-30951
The Foundry Magritte plugin rest-source was found to be vulnerable to an XML external Entity attack (XXE)...
CVE-2022-30951
creationtimestamp| type| source
---|---|---
2022-05-17 18:27:35+00:00| seen| https://t.me/cibsecurity/42810
2025-11-08 19:07:54+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3m55c2xlfsbc2...
CVE-2022-30951
Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library, which does not implement access control, potentially allowing users to start processes even if they're not allowed to log in...
CVE-2022-30951
CVE-2022-30951 affects Jenkins WMI Windows Agents Plugin 1.8 and earlier. The Windows Remote Command library it includes does not implement access control, potentially allowing a user who cannot log in to start processes on the agent via a named pipe. The issue is explicitly described as an acces...
Moderate: Red Hat Security Advisory: webkit2gtk3 security, bug fix, and enhancement update
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...
RLSA-2022:1777 Moderate: webkit2gtk3 security, bug fix, and enhancement update
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. The following packages have been upgraded to a later upstream version: webkit2gtk3 2.34.6. BZ1985042 Security Fixes: webkitgtk: maliciously crafted web content may lead to arbitrary code execution due to use...