typeorm is an ORM that can run in NodeJS, Browser, Cordova, PhoneGap, Ionic, React Native, NativeScript, Expo, and Electron platforms and can be used with TypeScript and JavaScript (ES5, ES6, ES7, ES8).
Affected versions of this package are vulnerable to SQL Injection via the repository.save or repository.update features when processing crafted input, due to improper handling in the sqlstring call with stringifyObjects set to false. An attacker can execute arbitrary SQL commands to bypass field-level update restrictions for columns such as user roles, by supplying specially crafted nested JSON.