npm
kysely
4 known vulnerabilities · 0 critical · 0 high
Kysely has a MySQL SQL Injection via Insufficient Backslash Escaping in `sql.lit(string)` usage or similar methods that append string literal values into the compiled SQL strings
Published Mar 20, 2026
SQL Injection via unsanitized JSON path keys when ignoring/silencing compilation errors or using `Kysely<any>`.
Published Mar 18, 2026
Kysely has a MySQL SQL Injection via Backslash Escape Bypass in non-type-safe usage of JSON path keys.
Published Mar 20, 2026
GHSA-pv5w-4p9q-p3v2
Kysely: JSON-path traversal injection via unsanitized path-leg metacharacters in `JSONPathBuilder.key()` / `.at()`
Published May 11, 2026
Check your entire dependency tree at onceRun dependency scan →