sequelizejs sequelize
15 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-30951
< 6.37.8
Sequelize is a Node.js ORM tool. Prior to 6.37.8, there is SQL injection via unescaped cast type in JSON/JSONB where clause proces
7.5
HIGH
CVE-2023-6293
< 2.1.6
Prototype Pollution in GitHub repository robinbuschmann/sequelize-typescript prior to 2.1.6.
7.1
HIGH
CVE-2023-25813
< 6.19.1
Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL injection exploit exists related to replacements. Parameters wh
10.0
CRITICAL
CVE-2023-22580
< 6.28.1
Due to improper input filtering in the Sequelize JS library, malicious queries can lead to sensitive information disclosure.
5.3
MEDIUM
CVE-2023-22579
< 6.28.1
Due to improper parameter filtering in the Sequelize JS library, an attacker can perform injection.
9.9
CRITICAL
CVE-2023-22578
< 6.29.0
Due to improper attribute filtering in the Sequelize JS library, an attacker can perform SQL injections.
10.0
CRITICAL
CVE-2019-10749
< 3.35.1
sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized
9.8
CRITICAL
CVE-2019-10748
>= 3.0.0 and < 3.35.1
Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not being properl
9.8
CRITICAL
CVE-2019-10752
>= 4.0.0 and < 4.44.3
Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helper function
9.8
CRITICAL
CVE-2019-11069
>= 5.0.0 and < 5.3.0
Sequelize version 5 before 5.3.0 does not properly ensure that standard conforming strings are used.
7.5
HIGH
CVE-2016-10554
<= 1.6.0
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQ
9.8
CRITICAL
CVE-2016-10553
<= 2.1.3
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQ
9.8
CRITICAL
CVE-2016-10550
<= 3.16.0
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQ
9.8
CRITICAL
CVE-2016-10556
<= 3.19.3
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQ
7.5
HIGH
CVE-2015-1369
<= 2.0.0
SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js allows remote attackers to execute arbitrary SQL commands vi
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin