Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package mysql, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (2)
CVE-2015-9244 — CVSS 9.8 (critical): Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection.
CVE-2019-14939 — CVSS 5.5 (medium): An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default.