69 matches found
Uncontrolled Recursion
Overview sqlfluffrs is a The SQL Linter for Humans Affected versions of this package are vulnerable to Uncontrolled Recursion through the ParseContext and parser recursion in the SQL parser components. An attacker can exhaust parser stack depth and force repeated parse failures by supplying deepl...
EUVD-2016-3150
Malware in sbrugna...
EUVD-2022-3057
Malicious code in bioql PyPI...
PostHog Plugin Server SQL Injection Vulnerability
PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
GHSA-V64V-FQ96-C5WV PostHog Plugin Server SQL Injection Vulnerability
PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
CVE-2025-1520
Summary of CVE-2025-1520 : Affected product family is PostHog, specifically the ClickHouse Table Functions component. The vulnerability is a SQL injection leading to remote code execution, stemming from improper validation of a user-supplied string used to construct SQL queries within the SQL par...
CVE-2023-32672 Apache Superset: SQL parser edge case bypasses data access authorization
An Incorrect authorisation check in SQLLab in Apache Superset versions up to and including 2.1.0. This vulnerability allows an authenticated user to query tables that they do not have proper access to within Superset. The vulnerability can be exploited by leveraging a SQL parsing vulnerability...
SUSE SLED15 / SLES15 Security Update : python-sqlparse (SUSE-SU-2023:2462-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:2462-1 advisory. - sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular...
[SECURITY] [DLA 3425-1] sqlparse security update
Debian LTS Advisory DLA-3425-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin May 16, 2023 https://wiki.debian.org/LTS Package : sqlparse Version : 0.2.4-1+deb10u1 CVE ID : CVE-2023-30608 Debian Bug : 1034615 Erik Krogh Kristensen discovered that sqlparse, a...
sqlparse contains a regular expression that is vulnerable to Regular Expression Denial of Service
Impact The SQL parser contains a regular expression that is vulnerable to ReDoS Regular Expression Denial of Service. The vulnerability may lead to Denial of Service DoS. Patches This issues has been fixed in sqlparse 0.4.4. Workarounds None. References This issue was discovered and reported by...
CVE-2023-30608
A flaw was found in sqlparse. The SQL parser contains a regular expression vulnerable to a Regular Expression Denial of Service ReDoS. The vulnerability may lead to a denial of service DoS...
CVE-2023-30608
CVE-2023-30608 affects the Python package sqlparse (non-validating SQL parser module). A vulnerable regular expression in the parser can cause Regular Expression Denial of Service (ReDoS) leading to DoS conditions. The issue was introduced by commit e75e358 and is fixed in sqlparse 0.4.4 via comm...
CVE-2023-30608 Parser contains an inefficient regular expression in sqlparse
sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS Regular Expression Denial of Service. This issue was introduced by commit e75e358. The vulnerability may lead to Denial of Service DoS. This...
CVE-2023-30608 Parser contains an inefficient regular expression in sqlparse
sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS Regular Expression Denial of Service. This issue was introduced by commit e75e358. The vulnerability may lead to Denial of Service DoS. This...
SUSE CVE-2016-2044
libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...
SUSE CVE-2016-2559
Cross-site scripting XSS vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query...
SUSE CVE-2019-19924
SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite error handling...
phpMyAdmin Cross-site scripting (XSS) vulnerability in SQL parser
Cross-site scripting XSS vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query...
SUSE SLED15 / SLES15 Security Update : python-sqlparse (SUSE-SU-2021:3857-1)
The remote SUSE Linux SLED15 / SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2021:3857-1 advisory. - sqlparse is a non-validating SQL parser module for Python. In sqlparse versions 0.4.0 and 0.4.1 there is a regular Expression Denial of Servi...
CVE-2021-32839
sqlparse is a non-validating SQL parser module for Python. In sqlparse versions 0.4.0 and 0.4.1 there is a regular Expression Denial of Service in sqlparse vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of '\r\n' in SQL comments. On...