Node.js · Database · MIT · Latest: v0.29.2

Kysely

Type-safe SQL query builder for TypeScript with zero runtime dependencies

Project Health at a Glance

Live data from GitHub and npm, updated daily.

GitHub Stars: 14.0K +88
Latest Release: v0.29.2 · 1 month ago
Avg. Release Cadence: 7d
Open Issues: 168
Last Commit: Yesterday
Weekly Downloads: 9.0M
Active CVEs: 4

Data last fetched: 2026-06-29

Known Vulnerabilities

4 active CVEs reported via OSV.dev

Kysely has a MySQL SQL Injection via Insufficient Backslash Escaping in `sql.lit(string)` usage or similar methods that append string literal values into the compiled SQL strings

Published: 2026-03-20 · Fixed in: 0.28.14

Kysely has a MySQL SQL Injection via Backslash Escape Bypass in non-type-safe usage of JSON path keys.

Published: 2026-03-20 · Fixed in: 0.28.14

Kysely: JSON-path traversal injection via unsanitized path-leg metacharacters in `JSONPathBuilder.key()` / `.at()`

Published: 2026-05-11 · Fixed in: 0.28.17

SQL Injection via unsanitized JSON path keys when ignoring/silencing compilation errors or using `Kysely<any>`.

Published: 2026-03-18 · Fixed in: 0.28.12

Alternatives to Kysely

Other Database projects in the Node.js ecosystem worth evaluating.

Support Options for Kysely

Enterprise Support via DepKeep

Get SLA-backed support, security patches, and direct access to senior engineers for Kysely — without relying on volunteer maintainers.