Description
Versions of typeorm before 0.1.15 are vulnerable to SQL Injection. Field names are not properly validated allowing attackers to inject SQL statements and execute arbitrary SQL queries.
Recommendation
Update the typeorm package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.1.15
- Patched version(s): 0.1.15
References
Related Issues
- @saltcorn/data vulnerable to SQL Injection via jsexprToSQL Literal Handler - Vulnerability
- SQL injection in typeORM - CVE-2022-33171
- @langchain/community SQL Injection vulnerability - CVE-2024-7042
- Veramo is Vulnerable to SQL Injection in Veramo Data Store ORM - Vulnerability
You might also like:
- Tags:
- npm
- typeorm
Anything's wrong? Let us know Last updated on February 11, 2026


