Vulnerabilities > Sequelizejs > Sequelize > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-16 | CVE-2023-22579 | Type Confusion vulnerability in Sequelizejs Sequelize 7.0.0 Due to improper parameter filtering in the sequalize js library, can a attacker peform injection. | 8.8 |
| 2023-02-16 | CVE-2023-22580 | Information Exposure vulnerability in Sequelizejs Sequelize 7.0.0 Due to improper input filtering in the sequalize js library, can malicious queries lead to sensitive information disclosure. | 7.5 |
| 2019-10-29 | CVE-2019-10749 | SQL Injection vulnerability in Sequelizejs Sequelize sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect. | 7.5 |
| 2019-04-10 | CVE-2019-11069 | Improper Input Validation vulnerability in Sequelizejs Sequelize Sequelize version 5 before 5.3.0 does not properly ensure that standard conforming strings are used. | 7.5 |
| 2018-05-31 | CVE-2016-10554 | SQL Injection vulnerability in Sequelizejs Sequelize sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. | 7.5 |
| 2018-05-31 | CVE-2016-10553 | SQL Injection vulnerability in Sequelizejs Sequelize sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. | 7.5 |
| 2018-05-31 | CVE-2016-10550 | SQL Injection vulnerability in Sequelizejs Sequelize sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS If user input goes into the `limit` or `order` parameters, a malicious user can put in their own SQL statements. | 7.5 |