All GORM CVEs — Complete Vulnerability History
GORM is Go's most popular ORM. Its main CVE is SQL injection via raw query methods — the same class of issue that affects any ORM that allows string interpolation in queries.
Language: Go · Weekly downloads: N/A · 1 CVE total
Full CVE history
| CVE | Year | Severity | Description | Fix |
|---|---|---|---|---|
| CVE-2023-22562 | 2023 | HIGH | SQL injection via crafted input in raw query methods | Fixed v1.25.1 |
Current safe version: v1.25.9
Before (go.mod): `gorm.io/gorm v1.23.0`
After (go.mod): `gorm.io/gorm v1.25.9`
Then run `go mod tidy`.
Common questions
How do I prevent SQL injection in GORM?
Avoid building the SQL for `db.Raw()` and `db.Exec()` with string formatting or concatenation. Always use parameterized queries, passing values as `?` arguments: `db.Where("name = ?", name)`, not `db.Where("name = '" + name + "'")`.
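As an added example (not code from the GORM project or this page's author), a small static check built on the standard library's `go/ast` that flags the two patterns named above: a `Raw`/`Exec`/`Where` call whose SQL argument is a `+` concatenation or a `fmt.Sprintf` result, while a literal with `?` placeholders passes. The `sample` source and the method list are assumptions constructed for the demo.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
)

// FindDynamicSQL reports db.Raw/Exec/Where calls whose SQL text is built with `+` or
// fmt.Sprintf rather than a literal with ? placeholders (heuristic: blind to variables).
func FindDynamicSQL(src string) ([]string, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, "snippet.go", src, 0)
	if err != nil {
		return nil, err
	}
	sqlMethods := map[string]bool{"Raw": true, "Exec": true, "Where": true} // assumed GORM methods
	var out []string
	ast.Inspect(f, func(n ast.Node) bool {
		call, ok := n.(*ast.CallExpr)
		if !ok || len(call.Args) == 0 {
			return true
		}
		sel, ok := call.Fun.(*ast.SelectorExpr)
		if !ok || !sqlMethods[sel.Sel.Name] {
			return true
		}
		var reason string
		if b, ok := call.Args[0].(*ast.BinaryExpr); ok && b.Op == token.ADD {
			reason = "string concatenation" // e.g. "name = '" + name + "'"
		} else if c, ok := call.Args[0].(*ast.CallExpr); ok {
			if s, ok := c.Fun.(*ast.SelectorExpr); ok && s.Sel.Name == "Sprintf" {
				reason = "fmt.Sprintf" // e.g. fmt.Sprintf("... id = %s", id)
			}
		}
		if reason != "" {
			out = append(out, fmt.Sprintf("line %d: db.%s uses %s; pass values as ? parameters", fset.Position(call.Pos()).Line, sel.Sel.Name, reason))
		}
		return true
	})
	return out, nil
}
// sample is constructed input (not real project code) mirroring the patterns in the answer above.
const sample = `package x
func f(db *DB, name, id string) {
	db.Where("name = '" + name + "'")
	db.Raw(fmt.Sprintf("SELECT * FROM users WHERE id = %s", id))
	db.Where("name = ?", name)
}`
```

Running `FindDynamicSQL(sample)` flags lines 3 and 4 of the sample and leaves the parameterized `Where` on line 5 alone.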