Search for packages
| purl | pkg:deb/debian/sqlparse@0.2.2-1 |
| Next non-vulnerable version | 0.4.2-1+deb12u1 |
| Latest non-vulnerable version | 0.4.2-1+deb12u1 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-6jpc-dsrp-6qdg
Aliases: CVE-2024-4340 GHSA-2m57-hf25-phgg |
sqlparse parsing heavily nested list leads to Denial of Service Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError. |
Affected by 0 other vulnerabilities. |
|
VCID-bh4x-5gt2-myah
Aliases: CVE-2021-32839 GHSA-p5w8-wqhj-9hhf PYSEC-2021-333 |
denial of service |
Affected by 0 other vulnerabilities. |
|
VCID-tcmp-pret-ekgr
Aliases: CVE-2023-30608 GHSA-rrm6-wvj7-cwh2 PYSEC-2023-87 |
sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS). This issues has been fixed in sqlparse 0.4.4 by commit `c457abd5f`. Users are advised to upgrade. There are no known workarounds for this issue. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-06T09:11:30.069505+00:00 | Debian Oval Importer | Affected by | VCID-6jpc-dsrp-6qdg | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 38.6.0 |
| 2026-06-06T05:37:24.936584+00:00 | Debian Oval Importer | Affected by | VCID-bh4x-5gt2-myah | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 38.6.0 |
| 2026-06-06T04:12:21.674292+00:00 | Debian Oval Importer | Affected by | VCID-tcmp-pret-ekgr | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 38.6.0 |