VDB
KO
MEDIUM 6.5

PYSEC-2026-1855

python-sql SQL injection vulnerability

Details

A vulnerability was found in python-sql where unary operators do not escape non-Expression (like `And` and `Or`) which makes any system exposing those vulnerable to an SQL injection attack.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / python-sql
Introduced in: 0 Fixed in: 1.5.2
Fix pip install --upgrade 'python-sql>=1.5.2'

References