Every CVE whose affected-product data names Sequelizejs Sequelize, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2023-25813 — CVSS 10.0 (critical): Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL injection exploit exists related to replacements. Parameters which are…
CVE-2019-10748 — CVSS 9.8 (critical): Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not being properly escaped…
CVE-2019-10749 — CVSS 9.8 (critical): sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the…
CVE-2019-10752 — CVSS 9.8 (critical): Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helper function not…
CVE-2016-10550 — CVSS 9.8 (critical): sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server…
CVE-2016-10553 — CVSS 9.8 (critical): sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server…
CVE-2016-10554 — CVSS 9.8 (critical): sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server…
CVE-2019-11069 — CVSS 7.5 (high): Sequelize version 5 before 5.3.0 does not properly ensure that standard conforming strings are used.
CVE-2016-10556 — CVSS 7.5 (high): sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server…
CVE-2026-30951 — CVSS 7.5 (high): Sequelize is a Node.js ORM tool. Prior to 6.37.8, there is SQL injection via unescaped cast type in JSON/JSONB where clause processing. The…
CVE-2023-22580 — CVSS 5.3 (medium): Due to improper input filtering in the sequalize js library, can malicious queries lead to sensitive information disclosure.