OsVault/npm/mysql

npm3 critical

mysql

20 known vulnerabilities · 3 critical · 3 high

CVE-2015-9244CRITICAL

SQL Injection in mysql

Published Sep 1, 2020

CVE-2019-14939MEDIUM

MySQL for Node.js Unsafe Options

Published May 24, 2022

CVE-2026-33468

Kysely has a MySQL SQL Injection via Insufficient Backslash Escaping in `sql.lit(string)` usage or similar methods that append string literal values into the compiled SQL strings

Published Mar 20, 2026

CVE-2024-21511CRITICAL

MySQL2 for Node Arbitrary Code Injection

Published Apr 23, 2024

CVE-2024-21507MEDIUM

mysql2 cache poisoning vulnerability

Published Apr 10, 2024

CVE-2024-21509MEDIUM

mysql2 vulnerable to Prototype Poisoning

Published Apr 10, 2024

CVE-2018-3754HIGH

SQL Injection in query-mysql

Published Sep 10, 2018

GHSA-f3f2-mcxc-pwjx

n8n: SQL Injection in MySQL, PostgreSQL, and Microsoft SQL nodes

Published Feb 26, 2026

MAL-2022-1520

Malicious code in bfx-facs-db-mysql (npm)

Published Jun 20, 2022

CVE-2024-21508CRITICAL

mysql2 Remote Code Execution (RCE) via the readCodeFor function

Published Apr 11, 2024

CVE-2026-33442

Kysely has a MySQL SQL Injection via Backslash Escape Bypass in non-type-safe usage of JSON path keys.

Published Mar 20, 2026

CVE-2017-16047HIGH

mysqljs is malware

Published Sep 1, 2020

MAL-2025-47191

Malicious code in mysql-dumpdiscord (npm)

Published Sep 15, 2025

CVE-2024-21512HIGH

mysql2 vulnerable to Prototype Pollution

Published May 30, 2024

MAL-2025-2516

Malicious code in mysql_nlp (npm)

Published Mar 18, 2025

MAL-2023-7973

Malicious code in mmolecule-mysql (npm)

Published Aug 31, 2023

MAL-2025-4514

Malicious code in telegraf-mysql2-session (npm)

Published May 27, 2025

MAL-2022-4888

Malicious code in node-namshi-mysql (npm)

Published Jun 20, 2022

MAL-2026-537

Malicious code in mysql2.js (npm)

Published Jan 27, 2026

MAL-2026-1958

Malicious code in mtpmysql (npm)

Published Mar 20, 2026

Check your entire dependency tree at onceRun dependency scan →