Sequelizejs Sequelize
13 CVEs affecting Sequelizejs Sequelize. Latest disclosed: 2026-03-10. Critical: 9, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-25813 | Critical | 10.0 | 2023-02-22 | Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL injection exploit exists related to replacements. Parameters which are passed through replac… |
| CVE-2023-22578 | Critical | 10.0 | 2023-02-16 | Due to improper attribute filtering in the sequelize js library, an attacker can perform SQL injections. |
| CVE-2023-22579 | Critical | 9.9 | 2023-02-16 | Due to improper parameter filtering in the sequelize js library, an attacker can perform injection. |
| CVE-2019-10749 | Critical | 9.8 | 2019-10-29 | sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect. |
| CVE-2019-10748 | Critical | 9.8 | 2019-10-29 | Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not being properly escaped for the MySQL/Maria… |
| CVE-2019-10752 | Critical | 9.8 | 2019-10-17 | Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helper function not escaping values properly… |
| CVE-2016-10554 | Critical | 9.8 | 2018-05-31 | sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for… |
| CVE-2016-10553 | Critical | 9.8 | 2018-05-31 | sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for… |
| CVE-2016-10550 | Critical | 9.8 | 2018-05-31 | sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for… |
| CVE-2026-30951 | High | 7.5 | 2026-03-10 | Sequelize is a Node.js ORM tool. Prior to 6.37.8, there is SQL injection via unescaped cast type in JSON/JSONB where clause processing. The _traverseJSON() fun… |
| CVE-2019-11069 | High | 7.5 | 2019-04-10 | Sequelize version 5 before 5.3.0 does not properly ensure that standard conforming strings are used. |
| CVE-2016-10556 | High | 7.5 | 2018-05-29 | sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for… |
| CVE-2023-22580 | Medium | 5.3 | 2023-02-16 | Due to improper input filtering in the sequelize js library, malicious queries can lead to sensitive information disclosure. |