Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.8 views

CVE-2026-44635

Kysely is a type-safe TypeScript SQL query builder. From 0.26.0 to 0.28.16, DefaultQueryCompiler.visitJSONPathLeg does not escape JSON-path metacharacters ., , , , , ?. When attacker-controlled input flows into eb.refcol, '-$'.keyinput or .atinput — including type-safe code where the JSON column ...

7.5CVSS5.7AI score0.00362EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 6:21 p.m.11 views

EUVD-2026-32623

Kysely is a type-safe TypeScript SQL query builder. From 0.26.0 to 0.28.16, DefaultQueryCompiler.visitJSONPathLeg does not escape JSON-path metacharacters ., , , , , ?. When attacker-controlled input flows into eb.refcol, '-$'.keyinput or .atinput — including type-safe code where the JSON column ...

7.5CVSS5.9AI score0.00362EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

Kysely 安全漏洞

Kysely is a type-safe TypeScript SQL query builder developed by Kysely contributors. Versions of Kysely from 0.26.0 to 0.28.16 contain security vulnerabilities. These vulnerabilities stem from the lack of escaping of JSON path metacharacters in the DefaultQueryCompiler.visitJSONPathLeg function. ...

7.5CVSS5.8AI score0.00362EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/11 7:40 p.m.11 views

NPM: Kysely: JSON-path traversal injection via unsanitized path-leg metacharacters in `JSONPathBuilder.key()` / `.at()`

NPM: Kysely: JSON-path traversal injection via unsanitized path-leg metacharacters in JSONPathBuilder.key / .at vulnerability discovered by ? in WordPress Npm kysely versions = 0.26.0, 0.28.17...

5.8AI score0.00362EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 7:40 p.m.12 views

Kysely: JSON-path traversal injection via unsanitized path-leg metacharacters in `JSONPathBuilder.key()` / `.at()`

Summary Kysely 0.28.12 added a sanitizeStringLiteral call inside DefaultQueryCompiler.visitJSONPathLeg commit 0a602bf, PR 1727 to fix CVE-2026-32763 GHSA-wmrf-hv6w-mr66. The fix only doubles single quotes ' → ''; it does not escape JSON-path metacharacters ., , , , , ?. When attacker-controlled...

8.2CVSS6AI score0.00419EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/03/26 5:16 p.m.7 views

CVE-2026-33442

Kysely is a type-safe TypeScript SQL query builder. In versions 0.28.12 and 0.28.13, the sanitizeStringLiteral method in Kysely's query compiler escapes single quotes ' → '' but does not escape backslashes. On MySQL with the default BACKSLASHESCAPES SQL mode, an attacker can inject a backslash...

8.1CVSS0.00442EPSS
Exploits1References1
Snyk
Snyk
added 2026/03/20 8:48 p.m.3 views

SQL Injection

Overview kysely is a Type safe SQL query builder Affected versions of this package are vulnerable to SQL Injection via the sanitizeStringLiteral function. An attacker can execute arbitrary SQL commands by supplying specially crafted input containing backslashes and quotes, which are not properly...

9.2CVSS6.1AI score0.00419EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2026/03/20 8:48 p.m.7 views

@abiswas97/postgres-mcp (=2.0.0), @ampt/sql (=1.0.1) +708 more potentially affected by CVE-2026-33468 via kysely (>=0.18.1 <=0.28.13)

kysely NPM version =0.18.1, =1.0.25-beta.0, =0.0.19, =1.2.6-beta.2, =0.0.1, =0.0.0, =0.1.0, =0.0.2, =0.0.1, =2.7.6, =0.2.0, =11.3.0 and more Source cves: CVE-2026-33468 Source advisory: SNYK:JS-KYSELY-15763566...

8.1CVSS5.7AI score0.00419EPSS
Exploits1
Rows per page
Query Builder