CVE-2026-33468
- EPSS 0.07%
- Veröffentlicht 26.03.2026 17:03:05
- Zuletzt bearbeitet 31.03.2026 21:24:51
Kysely is a type-safe TypeScript SQL query builder. Prior to version 0.28.14, Kysely's `DefaultQueryCompiler.sanitizeStringLiteral()` only escapes single quotes by doubling them (`'` → `''`) but does not escape backslashes. When used with the MySQL d...
CVE-2026-33442
- EPSS 0.07%
- Veröffentlicht 26.03.2026 17:01:57
- Zuletzt bearbeitet 31.03.2026 21:27:04
Kysely is a type-safe TypeScript SQL query builder. In versions 0.28.12 and 0.28.13, the `sanitizeStringLiteral` method in Kysely's query compiler escapes single quotes (`'` → `''`) but does not escape backslashes. On MySQL with the default `BACKSLAS...
CVE-2026-32763
- EPSS 0.02%
- Veröffentlicht 19.03.2026 23:14:58
- Zuletzt bearbeitet 08.04.2026 20:57:45
Kysely is a type-safe TypeScript SQL query builder. Versions up to and including 0.28.11 has a SQL injection vulnerability in JSON path compilation for MySQL and SQLite dialects. The `visitJSONPathLeg()` function appends user-controlled values from `...