Browse all 3 CVE security advisories affecting Feathers-Sequalize. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Feathers-Sequalize is an ORM integration for FeathersJS applications, primarily used to manage database interactions in Node.js environments. Historically, it has been associated with vulnerabilities such as remote code execution (RCE) and cross-site scripting (XSS), often stemming from improper input validation and insecure deserialization practices. The project has recorded three CVEs, highlighting risks related to authentication bypass and privilege escalation due to misconfigured access controls. While no major public incidents have been documented, the consistent pattern of vulnerabilities suggests developers should implement strict input sanitization and maintain updated dependencies to mitigate potential exploits in production environments.
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-22579 | Sequalize - Unsafe fall-through in getWhereConditions — Sequelize.js | CWE-843 | 9.9 | Critical | 2023-02-16 |
| CVE-2023-22578 | Sequalize - Default support for “raw attributes” when using parentheses — Sequelize.js | CWE-790 | 10.0 | Critical | 2023-02-16 |
| CVE-2023-22580 | Sequalize - Bad query filtering leading to SQL errors — Sequelize.js | CWE-200 | 5.3 | Medium | 2023-02-16 |
This page lists every published CVE security advisory associated with Feathers-Sequalize. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.