6.9
sqlparse: Formatting Long Tuple Lists Can Cause Crashes
GHSA-27jp-wm6q-gp25
Summary
The sqlparse library can crash when formatting a long list of tuples. This can happen when querying databases with complex data. Affected users should update sqlparse to the latest version to prevent crashes.
What to do
- Update sqlparse to version 0.5.4.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | sqlparse | <= 0.5.3 | 0.5.4 |
Original title
sqlparse: formatting list of tuples leads to denial of service
Original description
### Summary
The below gist hangs while attempting to format a long list of tuples.
This was found while [drafting a regression test for Django 5.2's composite primary key feature](https://code.djangoproject.com/ticket/36416#comment:3), which allows querying composite fields with tuples.
ghsa CVSS4.0
6.9
Vulnerability type
CWE-770
Allocation of Resources Without Limits
Published: 13 Feb 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026