Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package typeorm, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2020-8158 — CVSS 9.8 (critical): Prototype pollution vulnerability in the TypeORM package < 0.2.25 may allow attackers to add or modify Object properties leading to further…
CVE-2022-33171 — CVSS 9.8 (critical): The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is…
CVE-2025-60542 — CVSS 6.5 (medium): SQL Injection vulnerability in TypeORM before 0.3.26 via crafted request to repository.save or repository.update due to the sqlstring call…