SQL Injection in typeorm - typeorm

Severity:: High

Description

Versions of typeorm before 0.1.15 are vulnerable to SQL Injection. Field names are not properly validated allowing attackers to inject SQL statements and execute arbitrary SQL queries.

Recommendation

Update the typeorm package to the latest compatible version. Followings are version details:

Affected version(s): < 0.1.15
Patched version(s): 0.1.15

References

GHSA-w7q7-vjp8-7jv4
hackerone.com
www.npmjs.com
CWE-89
OWASP 2021-A3

Related Issues

FUXA SQL Injection vulnerability - fuxa-server - CVE-2023-31719
FUXA SQL Injection vulnerability - CVE-2023-31717
@saltcorn/data vulnerable to SQL Injection via jsexprToSQL Literal Handler - Vulnerability
Veramo is Vulnerable to SQL Injection in Veramo Data Store ORM - Vulnerability

How do hackers hack websites?

44 New SQL Injection Tests for WordPress in SmartScanner 1.8

These 7 PHP mistakes leave your website open to the hackers

Tags:: npm; typeorm

Anything's wrong? Let us know Last updated on February 11, 2026