GHSA-w7q7-vjp8-7jv4: SQL Injection in typeorm

June 6, 2019 (updated February 11, 2026)

Versions of typeorm before 0.1.15 are vulnerable to SQL Injection. Field names are not properly validated allowing attackers to inject SQL statements and execute arbitrary SQL queries.

References

github.com/advisories/GHSA-w7q7-vjp8-7jv4
github.com/typeorm/typeorm
github.com/typeorm/typeorm/commit/d46c8b0e6c0db56bb5976a4917e9f67a43715111
hackerone.com/reports/319458
www.npmjs.com/advisories/800

Code Behaviors & Features

Detect and mitigate GHSA-w7q7-vjp8-7jv4 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →