8 matches found

vulnersOsv
added 2026/04/08 12:14 a.m. (2 views)

0xble (>=21.4.1 <=22.1.2), 5e-srd-tools (>=0.0.4 <=0.0.34) +2004 more potentially affected by CVE-2026-39356 via drizzle-orm (>=0.11.6 <=0.45.1)

drizzle-orm NPM version =0.11.6, =21.4.1, =0.0.4, =0.0.1, =0.1.0, =0.1.0, =1.0.10, =0.22.5, =0.1.0, =1.16.47, =1.16.47, =0.19.0, =1.0.0, =1.0.0, =0.0.6, =1.1.1-0 - @aeriondyseti/mcp-memory =0.1.0 and more Source cves: CVE-2026-39356 Source advisory: OSV:GHSA-GPJ5-G38J-94V9...

CVSS 7.5 | AI score 5.8 | EPSS 0.00017
Exploits: 0
vulnersOsv
added 2026/04/08 12:14 a.m. (3 views)

0xble (>=21.4.1 <=22.1.2), @10xsai/ts-serverless (>=0.1.0 <=0.1.1) +1432 more potentially affected by CVE-2026-39356 via drizzle-orm (>=0.37.0 <=0.45.1)

drizzle-orm NPM version =0.37.0, =21.4.1, =0.1.0, =0.1.0, =1.0.10, =0.22.5, =0.1.0, =1.16.47, =1.16.47, =0.19.0, =1.0.0, =0.0.6, =0.1.0, =0.4.2, =0.2.0, =0.12.0 and more Source cves: CVE-2026-39356 Source advisory: SNYK:JS-DRIZZLEORM-16000009...

CVSS 7.5 | AI score 5.8 | EPSS 0.00017
Exploits: 0
ATTACKERKB
added 2026/04/07 7:58 p.m. (5 views)

CVE-2026-39356

Drizzle is a modern TypeScript ORM. Prior to 0.45.2 and 1.0.0-beta.20, Drizzle ORM improperly escaped quoted SQL identifiers in its dialect-specific escapeName implementations. In affected versions, embedded identifier delimiters were not escaped before the identifier was wrapped in quotes or...

CVSS 7.5 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2025/10/29 12:00 a.m. (4 views)

CVE-2025-60542

SQL Injection vulnerability in TypeORM before 0.3.26 via a crafted request to repository.save or repository.update, because the sqlstring call is made with stringifyObjects left at its default of false...

EPSS 0.00042
Exploits: 0 | References: 4
RedhatCVE
added 2025/05/23 4:05 a.m. (10 views)

CVE-2023-47117

Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on t...

CVSS 7.5 | AI score 6.6 | EPSS 0.70644
Exploits: 3
RedhatCVE
added 2025/05/22 4:37 p.m. (4 views)

CVE-2020-11010

In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields. SQLite & PostgreSQL are only affected when filtering with contains, startswith, or endswith filters and their case-insensitive...

CVSS 8.8 | AI score 8.1 | EPSS 0.00245
Exploits: 0 | References: 1
CVE
added 2023/11/13 8:13 p.m. (60 views)

CVE-2023-47117

Label Studio versions prior to 1.9.2post0 are affected by an ORM leakage vulnerability in filtering tasks, enabling an attacker to extract sensitive fields such as password hashes by manipulating Django ORM filters. The issue is compounded by a hard-coded SECRET_KEY that could be exploited to for...

CVSS 7.5 | AI score 7.4 | EPSS 0.70644
Exploits: 3 | References: 2 | Affected Software: 1
vulnersOsv
added 2018/09/18 5:29 p.m. (0 views)

arango-orm (>=0.4.0 <=0.4.2), bg (>=1.2.0 <=1.9.1) +24 more potentially affected by CVE-2018-17175 via marshmallow (>=0.2.1 <=2.15.0)

marshmallow PYPI version =0.2.1, =0.4.0, =1.2.0, =0.0.65.dev0, =0.10.0, =0.1.0, =0.1.0, =0.3.0, =0.1.0, =6.0.1, =6.1.2 - plume =0.1.0 and more Source cves: CVE-2018-17175 Source advisory: OSV:PYSEC-2018-67...

CVSS 5.3 | AI score 6 | EPSS 0.00257
Exploits: 0