← Back to feed
Update:
[HIGH] GHSA-73jc-5mrq-prw7: SQLFluff: Uncontrolled Resource Consumption in SQLFluff Parser
GitHub Security Advisory·Security·SecurityFix·5/19/2026
### Impact In deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious long query to any application using the parser to trigger a Denial of Service through resource exhaustion. ### Patches Versions 4.2.0 and up contain a configurable parse
Why it matters → sqlfluff released an update. Review the changelog for relevant changes.
Who should care → Teams using sqlfluff.
sqlfluffnode.js
View original source ↗Source payload preview
{
"ghsaId": "GHSA-73jc-5mrq-prw7",
"summary": "SQLFluff: Uncontrolled Resource Consumption in SQLFluff Parser",
"severity": "HIGH",
"updatedAt": "2026-05-19T20:10:54Z",
"references": [
{
"url": "https://github.com/sqlfluff/sqlfluff/security/advisories/GHSA-73jc-5mrq-prw7"
},
{
"url": "https://github.com/advisories/GHSA-73jc-5mrq-prw7"
}
],
"description": "### Impact\n\nIn deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious long query to any application using the parser to trigger a Denial of Service through resource exhaustion.\n\n### Patches\n\nVersions 4.2.0 and up contain a configurable parse node limit, which is enabled by default, to prevent this manner of exploit.\n\n### Credit\n\nO
…