sqlfluff
PyPI3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting sqlfluffpage 1 of 1
- CVE-2023-36830MEDIUMCVSS 6.3EG 6.3✓ Fixed in 2.1.22023-07-06
vulnerable: 0.0.1 ... 2.1.1 (105 versions)
SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the `library_path` config value to allow arbit…
- CVE-2026-46373HIGHCVSS 7.5EG 7.5✓ Fixed in 4.1.02026-05-19
vulnerable: 0.0.1 ... 4.0.4a1 (152 versions)
SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.1.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a ma…
- CVE-2026-46374HIGHCVSS 7.5EG 7.5✓ Fixed in 4.2.02026-05-19
vulnerable: 0.0.1 ... 4.1.0 (153 versions)
SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a ma…
Check whether sqlfluff is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for sqlfluff CVEs against the assets you own.
Start Free Scan →