Kysely-org Kysely
4 CVEs affecting Kysely-org Kysely. Latest disclosed: 2026-05-27. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-32763 | High | 8.2 | 2026-03-19 | Kysely is a type-safe TypeScript SQL query builder. Versions up to and including 0.28.11 has a SQL injection vulnerability in JSON path compilation for MySQL a… |
CVE-2026-33468 | High | 8.1 | 2026-03-26 | Kysely is a type-safe TypeScript SQL query builder. Prior to version 0.28.14, Kysely's `DefaultQueryCompiler.sanitizeStringLiteral()` only escapes single quote… |
CVE-2026-33442 | High | 8.1 | 2026-03-26 | Kysely is a type-safe TypeScript SQL query builder. In versions 0.28.12 and 0.28.13, the `sanitizeStringLiteral` method in Kysely's query compiler escapes sing… |
CVE-2026-44635 | High | 7.5 | 2026-05-27 | Kysely is a type-safe TypeScript SQL query builder. From 0.26.0 to 0.28.16, DefaultQueryCompiler.visitJSONPathLeg does not escape JSON-path metacharacters (… |