Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

OSV
OSVadded 2026/01/16 9:4 p.m.1 views

GHSA-38CW-85XC-XR9X Veramo is Vulnerable to SQL Injection in Veramo Data Store ORM

Summary An SQL injection vulnerability exists in the @veramo/data-store package that allows any authenticated user to execute arbitrary SQL queries against the database. The vulnerability is caused by insufficient validation of the column parameter in the order array of query requests. Details...

6.8CVSS8.5AI score
Exploits0References5
Snyk
Snykadded 2026/01/16 9:4 p.m.1 views

SQL Injection

Overview @veramo/data-store is a Veramo data storage plugin based on TypeORM database drivers Affected versions of this package are vulnerable to SQL Injection via insufficient validation of the column parameter in the order array processed by the decorateQB function. An attacker can execute...

8.2CVSS6.3AI score
Exploits0References2
Snyk
Snykadded 2026/01/16 9:4 p.m.1 views

SQL Injection

Overview @veramo/data-store-json is a Veramo data storage based on a JSON tree Affected versions of this package are vulnerable to SQL Injection via insufficient validation of the column parameter in the order array processed by the decorateQB function. An attacker can execute arbitrary SQL queri...

8.2CVSS6.3AI score
Exploits0References2
Snyk
Snykadded 2026/01/16 9:4 p.m.1 views

SQL Injection

Overview @veramo/core-types is a Veramo Core Logic & Interfaces. Affected versions of this package are vulnerable to SQL Injection via insufficient validation of the column parameter in the order array processed by the decorateQB function. An attacker can execute arbitrary SQL queries and access...

8.2CVSS6.3AI score
Exploits0References2
EUVD
EUVDadded 2026/01/16 9:4 p.m.3 views

EUVD-2026-2910

Veramo is Vulnerable to SQL Injection in Veramo Data Store ORM...

7.4AI score
Exploits0References5
vulnersOsv
vulnersOsvadded 2026/01/16 9:4 p.m.4 views

@blockchain-lab-um/ssi-snap (>=1.0.3 <=1.0.7), @i3m/base-wallet (>=1.1.0 <=2.6.1) +50 more potentially affected by unknown CVE via @veramo/data-store (>=0.0.42 <=5.6.0)

@veramo/data-store NPM version =0.0.42, =1.0.3, =1.1.0, =1.1.0, =1.2.0, =1.1.0, =0.2.0, =1.0.0, =1.5.0, =1.5.1, =0.0.1, =0.11.1-next.4, =0.2.1-next.13, =0.8.1-next.272, =0.11.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-38CW-85XC-XR9X...

5.8AI score
Exploits0
vulnersOsv
vulnersOsvadded 2026/01/16 9:4 p.m.4 views

@veramo/kv-store (>=6.0.0 <=6.0.2-next.57) potentially affected by unknown CVE via @veramo/core-types (>=6.0.0 <=6.0.2-next.57)

@veramo/core-types NPM version =6.0.0, =6.0.0, =6.0.2-next.57 Source cves: unknown CVE Source advisory: SNYK:JS-VERAMOCORETYPES-15032936...

5.8AI score
Exploits0
Github Security Blog
Github Security Blogadded 2026/01/16 9:4 p.m.7 views

Veramo is Vulnerable to SQL Injection in Veramo Data Store ORM

Summary An SQL injection vulnerability exists in the @veramo/data-store package that allows any authenticated user to execute arbitrary SQL queries against the database. The vulnerability is caused by insufficient validation of the column parameter in the order array of query requests. Details...

8.6AI score
Exploits0References5Affected Software1
Rows per page
Query Builder