typeorm
npm: 3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting typeorm
- CVE-2020-8158 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 0.2.25 | 2020-09-18
Prototype pollution vulnerability in the TypeORM package < 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks.
- CVE-2022-33171 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 0.3.0 | 2022-07-04
The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string le…
- CVE-2025-60542 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 0.3.26 | 2025-10-29
SQL Injection vulnerability in TypeORM before 0.3.26 via crafted request to repository.save or repository.update due to the sqlstring call using stringifyObjects default to false.