Orm

MikroORM is vulnerable to SQL injection due to improper escaping in identifier-quoting and JSON-path emitters, enabling attackers to inject arbitrary SQL via manipulated strings passed to public ORM APIs, potentially leading to data leaks, modification, and privilege escalation.

Drizzle ORM versions before 0.45.2 and 1.0.0-beta.20 are vulnerable to SQL injection due to improper escaping of SQL identifiers, allowing attackers to inject malicious SQL code through manipulated input leading to potential data breaches.