6 matches found
CVE-2023-22578
CVE-2023-22578 affects the Sequelize JavaScript ORM. The issue is caused by improper attribute filtering, which lets a remote attacker perform SQL injection via crafted queries and view, add, modify, or delete data in the back-end database. Documented impacts in the IBM/Red Hat/OSS advisor...
CVE-2023-22580
CVE-2023-22580 describes a vulnerability in the Sequelize JS library where improper input filtering can allow malicious queries to disclose sensitive information. The issue affects Sequelize (library/file level) and is associated with a confidentiality impact (per CVSS) without explicit exploit d...
CVE-2023-25813
Sequelize (Node.js ORM) prior to v6.19.1 is vulnerable to SQL injection when using replacements in combination with where clauses, due to improper escaping and the replacement processing order. The issue affects Sequelize
CVE-2019-10749
CVE-2019-10749 affects sequelize prior to 3.35.1. The vulnerability arises in the Postgres dialect where JSON path keys are not properly sanitized, enabling SQL injection. Affected component: Sequelize (Node.js ORM) code paths used for generating queries with JSON path keys. Exploitation details ...
CVE-2023-22579
CVE-2023-22579 concerns Sequelize (Node.js ORM). The related docs point to a type-confusion/unsafe fall-through in getWhereConditions that can bypass parameter filtering, enabling an attacker to execute arbitrary code under certain conditions. Affected component: Sequelize runtime; core issue is ...
CVE-2026-30951
CVE-2026-30951 affects Sequelize (Node.js ORM). Prior to version 6.37.8, JSON/JSONB where-clause processing can interpolate an unescaped cast type via _traverseJSON(), inserting CAST(... AS ) with attacker-controlled JSON keys, enabling arbitrary SQL and data exfiltration from any table. The vuln...