Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

Snyk
Snykadded 2026/04/08 12:14 a.m.4 views

SQL Injection

Overview drizzle-orm is a Drizzle ORM package for SQL databases Affected versions of this package are vulnerable to SQL Injection through the escapeName handling in the PostgreSQL, SQLite, and SingleStore dialects. An attacker can inject arbitrary SQL by supplying a malicious identifier to...

9.8CVSS6.2AI score0.00392EPSS
Exploits0References2
Github Security Blog
Github Security Blogadded 2026/04/08 12:14 a.m.7 views

Drizzle ORM has SQL injection via improperly escaped SQL identifiers

Summary Drizzle ORM improperly escaped quoted SQL identifiers in its dialect-specific escapeName implementations. In affected versions, embedded identifier delimiters were not escaped before the identifier was wrapped in quotes or backticks. As a result, applications that pass attacker-controlled...

7.5CVSS5.8AI score0.00392EPSS
Exploits0References3Affected Software1
NVD
NVDadded 2026/03/20 12:16 a.m.4 views

CVE-2026-32763

Kysely is a type-safe TypeScript SQL query builder. Versions up to and including 0.28.11 has a SQL injection vulnerability in JSON path compilation for MySQL and SQLite dialects. The visitJSONPathLeg function appends user-controlled values from .key and .at directly into single-quoted JSON path...

8.2CVSS0.00419EPSS
Exploits1References3
Cvelist
Cvelistadded 2026/03/19 11:14 p.m.18 views

CVE-2026-32763 SQL Injection via unsanitized JSON path keys when ignoring/silencing compilation errors or using `Kysely<any>`.

Kysely is a type-safe TypeScript SQL query builder. Versions up to and including 0.28.11 has a SQL injection vulnerability in JSON path compilation for MySQL and SQLite dialects. The visitJSONPathLeg function appends user-controlled values from .key and .at directly into single-quoted JSON path...

8.2CVSS0.00419EPSS
Exploits1References3
OSV
OSVadded 2026/03/18 12:59 p.m.2 views

GHSA-WMRF-HV6W-MR66 SQL Injection via unsanitized JSON path keys when ignoring/silencing compilation errors or using `Kysely<any>`.

Summary Kysely through 0.28.11 has a SQL injection vulnerability in JSON path compilation for MySQL and SQLite dialects. The visitJSONPathLeg function appends user-controlled values from .key and .at directly into single-quoted JSON path string literals '$.key' without escaping single quotes. An...

8.2CVSS6.1AI score0.00419EPSS
Exploits1References5
OSV
OSVadded 2020/09/03 8:25 p.m.1 views

GHSA-FW4P-36J9-RRJ3 Denial of Service in sequelize

Versions of sequelize prior to 4.44.4 are vulnerable to Denial of Service DoS. The SQLite dialect fails to catch a TypeError exception for the results variable. The results value may be undefined and trigger the error on a .map call. This may allow attackers to submit malicious input that forces...

5.8AI score
Exploits0References2
Rows per page
Query Builder