kysely
npm2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting kyselypage 1 of 1
- CVE-2026-32763HIGHCVSS 8.2EG 8.2✓ Fixed in 0.28.122026-03-20
Kysely is a type-safe TypeScript SQL query builder. Versions up to and including 0.28.11 has a SQL injection vulnerability in JSON path compilation for MySQL and SQLite dialects. The `visitJSONPathLeg()` function appends user-controlled va…
- CVE-2026-44635HIGHCVSS 7.5EG 7.5✓ Fixed in 0.28.172026-05-27
Kysely is a type-safe TypeScript SQL query builder. From 0.26.0 to 0.28.16, DefaultQueryCompiler.visitJSONPathLeg does not escape JSON-path metacharacters (., [, ], *, **, ?). When attacker-controlled input flows into eb.ref(col, '->$').ke…
Check whether kysely is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for kysely CVEs against the assets you own.
Start Free Scan →