
CRE-2025-0042

PostgreSQL transaction fails with deadlock detected error in psycopg2 and Django

Critical
Impact: 7/10
Mitigation: 5/10


Description

- Applications using Django with PostgreSQL and psycopg2 may encounter `deadlock detected` errors under concurrent write-heavy workloads.
- PostgreSQL raises this error when two or more transactions block each other cyclically while waiting for locks, and one must be aborted.
- Django surfaces this as an `OperationalError`, and the affected transaction is rolled back.

Mitigation

- Ensure that transactions access rows in a consistent order across code paths.
- Break large transactions into smaller units of work.
- Use explicit `select_for_update()` to control locking behavior and reduce contention.
- Monitor PostgreSQL `pg_stat_activity` and `pg_locks` to identify deadlock-prone queries.
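
When PostgreSQL aborts a transaction with `deadlock detected`, the server log report names each waiting process and the process blocking it. The following is an added example, not part of this CRE rule or the original page: it parses such a report to recover the wait cycle, the relation and the statement involved. The log lines are constructed, and their timestamp/pid prefix is an assumed `log_line_prefix`.

```python
import re

# Constructed sample (pids, xids, table name invented) in the shape PostgreSQL
# writes to its server log; the timestamp/pid prefix is an assumed log_line_prefix.
SAMPLE_LOG = """\
2025-01-10 12:00:01 UTC [4101] ERROR:  deadlock detected
2025-01-10 12:00:01 UTC [4101] DETAIL:  Process 4101 waits for ShareLock on transaction 9001; blocked by process 4102.
\tProcess 4102 waits for ShareLock on transaction 9002; blocked by process 4101.
2025-01-10 12:00:01 UTC [4101] HINT:  See server log for query details.
2025-01-10 12:00:01 UTC [4101] CONTEXT:  while updating tuple (0,7) in relation "shop_order"
2025-01-10 12:00:01 UTC [4101] STATEMENT:  UPDATE "shop_order" SET "status" = 'paid' WHERE "id" = 17
2025-01-10 12:00:05 UTC [4200] LOG:  checkpoint starting: time
"""

WAIT_RE = re.compile(r"Process (\d+) waits for \w+ on .+?; blocked by process (\d+)\.")
RELATION_RE = re.compile(r'CONTEXT:.*in relation "([^"]+)"')
STATEMENT_RE = re.compile(r"STATEMENT:\s+(.*)")
NEXT_MESSAGE_RE = re.compile(r"\b(?:ERROR|LOG|FATAL|PANIC|WARNING):")

def parse_deadlocks(log_text):
    """Return one dict per deadlock report: wait edges, relation, statement."""
    events, current = [], None
    for line in log_text.splitlines():
        if "ERROR:" in line and "deadlock detected" in line:
            current = {"edges": [], "relation": None, "statement": None}
            events.append(current)
        elif current is None:
            continue
        elif (m := STATEMENT_RE.search(line)):
            current["statement"] = m.group(1)
        elif NEXT_MESSAGE_RE.search(line):
            current = None  # a new top-level message ends this report
        elif (m := WAIT_RE.search(line)):
            current["edges"].append((int(m.group(1)), int(m.group(2))))
        elif (m := RELATION_RE.search(line)):
            current["relation"] = m.group(1)
    return events

def is_cycle(edges):
    """True if following waiter -> blocker edges returns to the first waiter."""
    blocked_by = dict(edges)
    pid = start = edges[0][0] if edges else None
    for _ in blocked_by:
        pid = blocked_by.get(pid)
        if pid == start:
            return True
    return False
```

Grouping the parsed reports by `relation` and `statement` shows which code paths repeatedly take part in a cycle and are candidates for consistent row ordering or `select_for_update()`.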
