CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-34220

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions 6.6.10 and 7.0.6, there is a SQL injection vulnerability when specially crafted objects are interpreted as raw SQL query fragments. This issue has been patched in versions 6.6.10 and 7.0.6.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 8.7%

CVSS Severity

CVSS v3 Score 9.8

References

https://github.com/mikro-orm/mikro-orm/security/advisories/GHSA-gwhv-j974-6fxm

Products affected by CVE-2026-34220

Mikro-Orm » Mikroorm » Version: Any

cpe:2.3:a:mikro-orm:mikroorm:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-34220

Products

Pricing

Contact Us