npm/kysely — 4 CVEs

HIGH8.2CVE-2026-32763SQL Injection via unsanitized JSON path keys when ignoring/silencing compilation errors or using `Kysely<any>`.

>= 0.26.0, < 0.28.12

HIGH8.1CVE-2026-33468Kysely has a MySQL SQL Injection via Insufficient Backslash Escaping in `sql.lit(string)` usage or similar methods that append string literal values into the compiled SQL strings

from 0, < 0.28.14

HIGH8.1CVE-2026-33442Kysely has a MySQL SQL Injection via Backslash Escape Bypass in non-type-safe usage of JSON path keys.

>= 0.28.12, < 0.28.14

HIGH7.5Kysely: JSON-path traversal injection via unsanitized path-leg metacharacters in `JSONPathBuilder.key()` / `.at()`

>= 0.26.0, < 0.28.17

pkg:npm/kysely

✅ Check your installed version

All known vulnerabilities