Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/sqlparse@0.4.1

Type pypi

Namespace

Name sqlparse

Version 0.4.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 0.4.4

Latest_non_vulnerable_version 0.5.4

Affected_by_vulnerabilities

url VCID-bh4x-5gt2-myah

vulnerability_id VCID-bh4x-5gt2-myah

summary denial of service

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32839.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32839.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-32839

reference_id

reference_type

scores

value	0.00122
scoring_system	epss
scoring_elements	0.30864
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-32839

reference_url

https://github.com/andialbrecht/sqlparse

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/andialbrecht/sqlparse

reference_url

https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb

reference_url

https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/sqlparse/PYSEC-2021-333.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/sqlparse/PYSEC-2021-333.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2024/12/msg00022.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/12/msg00022.html

reference_url

https://securitylab.github.com/advisories/GHSL-2021-107-andialbrecht-sqlparse

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://securitylab.github.com/advisories/GHSL-2021-107-andialbrecht-sqlparse

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2005072
reference_id	2005072
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2005072

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994841
reference_id	994841
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994841

reference_url

https://security.archlinux.org/AVG-2401

reference_id

AVG-2401

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2401

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-32839

reference_id

CVE-2021-32839

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-32839

reference_url	https://github.com/advisories/GHSA-p5w8-wqhj-9hhf
reference_id	GHSA-p5w8-wqhj-9hhf
reference_type
scores
url	https://github.com/advisories/GHSA-p5w8-wqhj-9hhf

reference_url	https://access.redhat.com/errata/RHSA-2022:5498
reference_id	RHSA-2022:5498
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5498

fixed_packages

url pkg:pypi/sqlparse@0.4.2

purl pkg:pypi/sqlparse@0.4.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-tcmp-pret-ekgr

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/sqlparse@0.4.2

aliases CVE-2021-32839, GHSA-p5w8-wqhj-9hhf, PYSEC-2021-333

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bh4x-5gt2-myah

url VCID-tcmp-pret-ekgr

vulnerability_id VCID-tcmp-pret-ekgr

summary sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS). This issues has been fixed in sqlparse 0.4.4 by commit `c457abd5f`. Users are advised to upgrade. There are no known workarounds for this issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30608.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30608.json

reference_url

https://github.com/andialbrecht/sqlparse

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/andialbrecht/sqlparse

reference_url

https://github.com/andialbrecht/sqlparse/commit/c457abd5f097dd13fb21543381e7cfafe7d31cfb

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/andialbrecht/sqlparse/commit/c457abd5f097dd13fb21543381e7cfafe7d31cfb

reference_url

https://github.com/andialbrecht/sqlparse/commit/e75e35869473832a1eb67772b1adfee2db11b85a

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/andialbrecht/sqlparse/commit/e75e35869473832a1eb67772b1adfee2db11b85a

reference_url

https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/sqlparse/PYSEC-2023-87.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/sqlparse/PYSEC-2023-87.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2023/05/msg00017.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2023/05/msg00017.html

reference_url

https://lists.debian.org/debian-lts-announce/2024/12/msg00022.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/12/msg00022.html

reference_url

https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034615
reference_id	1034615
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034615

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2187903
reference_id	2187903
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2187903

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-30608

reference_id

CVE-2023-30608

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-30608

reference_url	https://github.com/advisories/GHSA-rrm6-wvj7-cwh2
reference_id	GHSA-rrm6-wvj7-cwh2
reference_type
scores
url	https://github.com/advisories/GHSA-rrm6-wvj7-cwh2

reference_url	https://access.redhat.com/errata/RHSA-2023:4591
reference_id	RHSA-2023:4591
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4591

reference_url	https://access.redhat.com/errata/RHSA-2023:6818
reference_id	RHSA-2023:6818
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6818

fixed_packages

url	pkg:pypi/sqlparse@0.4.4
purl	pkg:pypi/sqlparse@0.4.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/sqlparse@0.4.4

aliases CVE-2023-30608, GHSA-rrm6-wvj7-cwh2, PYSEC-2023-87

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tcmp-pret-ekgr

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/sqlparse@0.4.1

Package Instance