Sequelizejs Sequelize

13 CVEs affecting Sequelizejs Sequelize. Latest disclosed: 2026-03-10. Critical: 9, High: 3.

Top CVEs affecting Sequelizejs Sequelize
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-25813 | Critical | 10.0 | 2023-02-22 | Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL injection exploit exists related to replacements. Parameters which are passed through replac… |
| CVE-2023-22578 | Critical | 10.0 | 2023-02-16 | Due to improper attribute filtering in the Sequelize JS library, an attacker can perform SQL injections. |
| CVE-2023-22579 | Critical | 9.9 | 2023-02-16 | Due to improper parameter filtering in the Sequelize JS library, an attacker can perform injection. |
| CVE-2019-10749 | Critical | 9.8 | 2019-10-29 | sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect. |
| CVE-2019-10748 | Critical | 9.8 | 2019-10-29 | Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not being properly escaped for the MySQL/Maria… |
| CVE-2019-10752 | Critical | 9.8 | 2019-10-17 | Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helper function not escaping values properly… |
| CVE-2016-10554 | Critical | 9.8 | 2018-05-31 | sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for… |
| CVE-2016-10553 | Critical | 9.8 | 2018-05-31 | sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for… |
| CVE-2016-10550 | Critical | 9.8 | 2018-05-31 | sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for… |
| CVE-2026-30951 | High | 7.5 | 2026-03-10 | Sequelize is a Node.js ORM tool. Prior to 6.37.8, there is SQL injection via unescaped cast type in JSON/JSONB where clause processing. The _traverseJSON() fun… |
| CVE-2019-11069 | High | 7.5 | 2019-04-10 | Sequelize version 5 before 5.3.0 does not properly ensure that standard conforming strings are used. |
| CVE-2016-10556 | High | 7.5 | 2018-05-29 | sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for… |
| CVE-2023-22580 | Medium | 5.3 | 2023-02-16 | Due to improper input filtering in the Sequelize JS library, malicious queries can lead to sensitive information disclosure. |