For now sqlparse uses very defensive version numbers. There's no major version yet. In turn there's only one supported version and this is the latest.

To report a vulnerability head over to the Security Advisories page and click on "New draft security advisory".

Feel free to contact me at albrecht.andi@gmail.com if you have any questions or want to discuss things beforehand.