PyPI: sqlalchemy

SFTY-20221104-54246

Safety legacy ID: pyup.io-51668

Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563

PythonPyPI
Created at: Nov 5, 2025Updated at: Nov 5, 2025

Overview

Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563

Advisory

Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563

Affected Package

Affecting sqlalchemy package, versions
<2.0.0b1

Also affects

---

How to Fix

Upgrade
sqlalchemy
to
2.0.0b1
or higher.

Mitigation and Workarounds

---

Vulnerable Functions

Functions linked to known vulnerabilities.

Vulnerable function data is available for Enterprise customers

Book a call with us to see Safety in action.

References

Safety

Verified by Safety

Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.

Learn more