EUVD-2026-31893

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters...

PT-2026-39290

Summary MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters Platform.getSearchJsonPropertyKey, quoteJsonKey did not properly escape characters that delimit the SQL identifier or string-literal context they emit into. When...

PT-2026-25849

Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.3 Description Glances, a system cross-platform monitoring tool, contains a SQL injection issue in the DuckDB export module. The TimescaleDB export module was previously fixed for SQL injection by using parameteriz...

Doctrine DBAL SQL injection possibility

The identifier quoting in Doctrine DBAL has a potential security problem when user-input is passed into this function, making the security aspect of this functionality obsolete. If you make use of AbstractPlatform::quoteIdentifier or Doctrine::quoteIdentifier please upgrade immediately. The ORM...