Lucene search
K

4 matches found

vulnersOsv
vulnersOsv
added 2026/01/16 9:4 p.m.6 views

@blockchain-lab-um/ssi-snap (>=1.0.3 <=1.0.7), @i3m/base-wallet (>=1.1.0 <=2.6.1) +50 more potentially affected by unknown CVE via @veramo/data-store (>=0.0.42 <=5.6.0)

@veramo/data-store NPM version =0.0.42, =1.0.3, =1.1.0, =1.1.0, =1.2.0, =1.1.0, =0.2.0, =1.0.0, =1.5.0, =1.5.1, =0.0.1, =0.11.1-next.4, =0.2.1-next.13, =0.8.1-next.272, =0.11.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-38CW-85XC-XR9X...

5.7AI score
Exploits0
OSV
OSV
added 2026/01/16 9:4 p.m.2 views

GHSA-38CW-85XC-XR9X Veramo is Vulnerable to SQL Injection in Veramo Data Store ORM

Summary An SQL injection vulnerability exists in the @veramo/data-store package that allows any authenticated user to execute arbitrary SQL queries against the database. The vulnerability is caused by insufficient validation of the column parameter in the order array of query requests. Details...

6.8CVSS8.5AI score
Exploits0References5
Snyk
Snyk
added 2026/01/16 9:4 p.m.3 views

SQL Injection

Overview @veramo/data-store is a Veramo data storage plugin based on TypeORM database drivers Affected versions of this package are vulnerable to SQL Injection via insufficient validation of the column parameter in the order array processed by the decorateQB function. An attacker can execute...

8.2CVSS6.3AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/01/16 9:4 p.m.12 views

Veramo is Vulnerable to SQL Injection in Veramo Data Store ORM

Summary An SQL injection vulnerability exists in the @veramo/data-store package that allows any authenticated user to execute arbitrary SQL queries against the database. The vulnerability is caused by insufficient validation of the column parameter in the order array of query requests. Details...

8.6AI score
Exploits0References5Affected Software1
Rows per page
Query Builder