
FastAPI

registry: PyPI
package name: fastapi
maintainer: FastAPI / Sebastián Ramírez

FastAPI is the most popular Python web framework for building REST and async APIs, used extensively for LLM API wrappers, ML model serving, and microservices. It is built on Starlette and Pydantic and runs under ASGI servers such as Uvicorn or Gunicorn with Uvicorn workers. Its adoption in AI backend services accelerated rapidly after 2022.

api usage

Checking FastAPI

fastapi 0.115.0 is a clean version with no known supply chain compromise. The response reports compromised: false with an empty sources array, and risk_state is "none".

```bash
curl "https://api.attestd.io/v1/check?product=fastapi&version=0.115.0" \
  -H "Authorization: Bearer YOUR_API_KEY"
```

```json
{
  "product": "fastapi",
  "version": "0.115.0",
  "supported": true,
  "risk_state": "none",
  "supply_chain": {
    "compromised": false,
    "sources": [],
    "malware_type": null,
    "description": null,
    "advisory_url": null,
    "compromised_at": null,
    "removed_at": null
  },
  "last_updated": "2026-05-01T00:00:00Z"
}
```

attack surface

Why this package is monitored

A web framework sits in the path of every request the application handles. A backdoored version can read every incoming request body, header, and authentication token before any route handler runs.

Attestd monitors fastapi using the following detection sources:

registry

Manually curated advisories in the Attestd registry, verified by a human analyst. Confidence 1.0.

osv

OSV.dev malicious-package advisories with IDs prefixed MAL-. Confidence 0.95.

pypi_yank

Versions yanked on PyPI with a security-related yanked_reason annotation. Confidence 0.80.
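The check call shown under "api usage" and the per-source confidences listed above can be combined into a CI gate that refuses to install a version the API reports as compromised. The following is an added example, not Attestd's own client or SDK: it reuses the endpoint, header and response fields shown on this page, and assumes (this is not stated on the page) that entries in supply_chain.sources are the detection-source names registry, osv and pypi_yank. The risk_state value in the compromised sample is invented for the test only.

```python
"""Supply-chain gate around the Attestd check endpoint.

Added example, not Attestd's own client. Assumes the endpoint, header and
response shape shown on this page, and (assumption) that entries in
`supply_chain.sources` are the detection-source names listed on this page.
"""
import json
import os
import urllib.parse
import urllib.request

ATTESTD_CHECK_URL = "https://api.attestd.io/v1/check"

# Per-source confidence as documented on this page.
SOURCE_CONFIDENCE = {"registry": 1.0, "osv": 0.95, "pypi_yank": 0.80}


def fetch_check(product: str, version: str, api_key: str, timeout: float = 10.0) -> dict:
    """Call the check endpoint the same way the curl example does."""
    query = urllib.parse.urlencode({"product": product, "version": version})
    req = urllib.request.Request(
        f"{ATTESTD_CHECK_URL}?{query}",
        headers={"Authorization": f"Bearer {api_key}"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def evaluate_check(response: dict) -> tuple[str, str]:
    """Map one check response to (verdict, reason).

    verdict is "block", "warn" or "allow". The policy fails closed: a version
    is only allowed when the response positively clears it.
    """
    sc = response.get("supply_chain") or {}
    if sc.get("compromised") is True:
        sources = [str(s) for s in (sc.get("sources") or [])]
        # Unknown source names count as confidence 0 rather than being trusted.
        confidence = max((SOURCE_CONFIDENCE.get(s, 0.0) for s in sources), default=0.0)
        kind = sc.get("malware_type") or "unspecified"
        return "block", f"compromised ({kind}; confidence {confidence:.2f}; sources={sources})"
    if not response.get("supported", False):
        return "warn", "version not covered by Attestd; no supply-chain signal"
    if response.get("risk_state", "none") != "none":
        # Assumption: risk_state values other than "none" exist and deserve review.
        return "warn", f"risk_state={response['risk_state']}"
    if sc.get("compromised") is not False:
        return "warn", "compromised flag missing; cannot positively clear"
    return "allow", "no known supply-chain compromise"


def gate(responses) -> int:
    """Return a CI exit code: 1 if any checked version is blocked, else 0."""
    exit_code = 0
    for r in responses:
        verdict, reason = evaluate_check(r)
        print(f"{verdict.upper():5} {r.get('product')}=={r.get('version')}: {reason}")
        if verdict == "block":
            exit_code = 1
    return exit_code


# Constructed sample responses. CLEAN_RESPONSE mirrors the fastapi 0.115.0
# response on this page; COMPROMISED_RESPONSE is invented (package name,
# risk_state and malware_type included) only to exercise the block path.
CLEAN_RESPONSE = {
    "product": "fastapi", "version": "0.115.0", "supported": True,
    "risk_state": "none",
    "supply_chain": {"compromised": False, "sources": [], "malware_type": None,
                     "description": None, "advisory_url": None,
                     "compromised_at": None, "removed_at": None},
    "last_updated": "2026-05-01T00:00:00Z",
}
COMPROMISED_RESPONSE = {
    "product": "example-pkg", "version": "0.0.0-constructed", "supported": True,
    "risk_state": "compromised",
    "supply_chain": {"compromised": True, "sources": ["osv", "bogus-source"],
                     "malware_type": "constructed-sample", "description": None,
                     "advisory_url": None, "compromised_at": None, "removed_at": None},
    "last_updated": "2026-05-01T00:00:00Z",
}

if __name__ == "__main__":
    api_key = os.environ.get("ATTESTD_API_KEY")
    if api_key:
        raise SystemExit(gate([fetch_check("fastapi", "0.115.0", api_key)]))
    raise SystemExit(gate([CLEAN_RESPONSE, COMPROMISED_RESPONSE]))
```

Run it with ATTESTD_API_KEY set to query the live endpoint for fastapi 0.115.0, or without it to exercise the embedded samples. The gate treats "not supported" and a missing compromised flag as warnings rather than silent passes, so an outage or an uncovered package surfaces in the build log instead of looking clean.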
