Launch Week Day 1: Announcing Security Design Review
Start for Free
npm

kysely

View on npm registry
4 Total advisories
4 Vulnerabilities
0 Malware

Vulnerabilities

HIGH 7.5
npm

CVE-2026-44635

Kysely: JSON-path traversal injection via unsanitized path-leg metacharacters in `JSONPathBuilder.key()` / `.at()`
HIGH 8.1
npm

CVE-2026-33468

Kysely has a MySQL SQL Injection via Insufficient Backslash Escaping in `sql.lit(string)` usage or similar methods that append string literal values into the compiled SQL strings
HIGH 8.1
npm

CVE-2026-33442

Kysely has a MySQL SQL Injection via Backslash Escape Bypass in non-type-safe usage of JSON path keys.
HIGH 8.2
npm

CVE-2026-32763

SQL Injection via unsanitized JSON path keys when ignoring/silencing compilation errors or using `Kysely<any>`.

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes