2 matches found
EUVD-2026-19909
Drizzle ORM has SQL injection via improperly escaped SQL identifiers...
PT-2026-31003
Name of the Vulnerable Software and Affected Versions Drizzle versions prior to 0.45.2 and 1.0.0-beta.20 Description Drizzle ORM does not properly escape quoted SQL identifiers in its escapeName implementations. This can allow an attacker to terminate the quoted identifier and inject SQL when...