diff --git a/ghost/members-api/lib/repositories/EventRepository.js b/ghost/members-api/lib/repositories/EventRepository.js
index b86ff1312a..98484299bc 100644
--- a/ghost/members-api/lib/repositories/EventRepository.js
+++ b/ghost/members-api/lib/repositories/EventRepository.js
@@ -777,7 +777,15 @@ module.exports = class EventRepository {
         }
 
         const allowList = ['data.created_at', 'data.member_id', 'data.post_id', 'type', 'id'];
-        const parsed = nql(filter).parse();
+        let parsed;
+        try {
+            parsed = nql(filter).parse();
+        } catch (e) {
+            throw new errors.BadRequestError({
+                message: e.message
+            });
+        }
+
         const keys = getUsedKeys(parsed);
 
         for (const key of keys) {
diff --git a/ghost/members-api/test/unit/lib/repositories/event.test.js b/ghost/members-api/test/unit/lib/repositories/event.test.js
index 439aa495d3..9b2f2f6686 100644
--- a/ghost/members-api/test/unit/lib/repositories/event.test.js
+++ b/ghost/members-api/test/unit/lib/repositories/event.test.js
@@ -19,6 +19,12 @@ describe('EventRepository', function () {
         });
     });
 
+    it('throws when using invalid filter', function () {
+        should.throws(() => {
+            eventRepository.getNQLSubset('undefined');
+        }, errors.BadRequestError);
+    });
+
     it('throws when using properties that aren\'t in the allowlist', function () {
         should.throws(() => {
             eventRepository.getNQLSubset('(types:1)');
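Review bot: The new catch around `nql(filter).parse()` turns every exception into a 400 and forwards the raw parser message to the API caller, but it also drops the original error, so a failure that is not a syntax error in the caller's filter (for instance a non-string `filter` reaching `nql`, if earlier validation does not rule that out — the enclosing method starts above the hunk, so I cannot see it) would be misreported as a bad request with no stack left for server logs. Keep the user-facing message but attach the cause so it is logged and the classification can be revisited later: `throw new errors.BadRequestError({message: e.message, err: e});`. If the NQL parser exposes a distinguishable error type or code for syntax failures, narrowing the catch to that and rethrowing anything else would make the 400 mapping exact; I have not confirmed what it throws, so treat that as a follow-up check.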
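Review bot: The new test case in event.test.js exercises the BadRequestError path only with the literal string `'undefined'`, which reads like a stringified missing value rather than a deliberately malformed NQL expression, so a reader cannot tell whether the parser rejects it for syntax or for some token-specific reason. Consider renaming it or adding a second input that the grammar unambiguously rejects, and asserting that the thrown error's `message` is non-empty, so the test also covers the `message: e.message` mapping the repository change introduces; I have not verified which inputs the parser rejects, so pick one confirmed against it.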