453 matches found
CVE-2023-22578
Due to improper attribute filtering in the Sequelize JS library, an attacker can perform SQL injections...
CVE-2023-6293
Prototype Pollution in GitHub repository robinbuschmann/sequelize-typescript prior to 2.1.6...
CVE-2019-10748
Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not being properly escaped for the MySQL/MariaDB dialects...
CVE-2019-10752
Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json helper function not escaping values properly when formatting sub paths for JSON queries for MySQL, MariaDB and SQLite...
CVE-2019-10749
sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect...
org.webjars.npm:class-validator (>=0.8.5 <=0.14.0), org.webjars.npm:image-thumbnail (=1.0.15) +8 more potentially affected by CVE-2025-56200 via org.webjars.npm:validator (>=10.11.0 <=9.2.0)
org.webjars.npm:validator MAVEN version =10.11.0, =0.8.5, =3.1.2, =3.18.2, =3.25.1 Source cves: CVE-2025-56200 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-14102004...
Sequelize Configuration File Detected
Sequelize is a promise-based Node.js ORM tool for database engines. By default, Sequelize CLI uses a configuration file in the 'config' directory to store the environment and database information. By accessing it, an attacker could leverage the vulnerability to gain unauthorized and privileged access...
Malicious code in sequelize-orm (npm)
MAL-2024-3002 Malicious code in sequelize-orm (npm)
Malicious code in @fdfe/zebra-sequelize-client (npm)
MAL-2024-3985 Malicious code in @fdfe/zebra-sequelize-client (npm)
Exploit for SQL Injection in Sequelizejs Sequelize
CVE-2023-25813 CVE information - CVE number: CVE-2023-25813 https...
blackwood-systems.com Cross Site Scripting vulnerability OBB-3842583
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Prototype Pollution
sequelize-typescript is vulnerable to Prototype Pollution. The vulnerability is due to the deepAssign function which does not check if the attribute resolves to the object prototype and hence it is possible to create attributes that exist on every object, or replace critical attributes with...
@5minds/processcube_engine (>=15.0.0 <=17.0.0-renovate-fffeda-lowoukm9), @alphaapps/nestjs-auth (>=1.0.0 <=1.2.2) +237 more potentially affected by CVE-2023-6293 via sequelize-typescript (>=0.3.5 <=2.1.5)
sequelize-typescript NPM version =0.3.5, =15.0.0, =1.0.0, =4.4.6-alpha.2, =12.1.0-alpha.6, =0.0.1, =0.1.0, =0.1.3-alpha.0, =0.1.3-alpha.0, =0.1.0-alpha.0, =0.1.1-alpha.0, =0.1.11-alpha.0, =0.0.1, =0.0.1-alpha.14 and more Source cves: CVE-2023-6293 Source advisory: OSV:GHSA-7PVX-4585-HQWW...
GHSA-7PVX-4585-HQWW sequelize-typescript Prototype Pollution vulnerability
Prototype Pollution in GitHub repository robinbuschmann/sequelize-typescript prior to 2.1.6...
CVE-2023-6293 Prototype Pollution in robinbuschmann/sequelize-typescript
Prototype Pollution in GitHub repository robinbuschmann/sequelize-typescript prior to 2.1.6...
sequelize-typescript security vulnerability
sequelize-typescript is a set of decorators and other methods for sequelize. A security vulnerability exists in sequelize-typescript versions prior to 2.1.6, which stems from prototype pollution...
SQL Injection
sequelize is vulnerable to SQL Injection. The vulnerability exists because the library does not properly escape the query strings in the replacement parameter used in the where clause, allowing an attacker to inject and execute malicious SQL queries...