
pandas

registry: PyPI
package name: pandas
maintainer: pandas Development Team

pandas is the standard library for tabular data manipulation in Python, providing the DataFrame and Series types used in data analysis, ETL pipelines, and ML feature engineering. It is present in essentially every data science environment and is a standard dependency of BI tooling and notebook-based workflows.

api usage

Checking pandas

pandas 2.2.0 is a clean version with no known supply chain compromise. The response returns compromised: false with an empty sources array.

```bash
curl "https://api.attestd.io/v1/check?product=pandas&version=2.2.0" \
  -H "Authorization: Bearer YOUR_API_KEY"
```

```json
{
  "product": "pandas",
  "version": "2.2.0",
  "supported": true,
  "risk_state": "none",
  "supply_chain": {
    "compromised": false,
    "sources": [],
    "malware_type": null,
    "description": null,
    "advisory_url": null,
    "compromised_at": null,
    "removed_at": null
  },
  "last_updated": "2026-05-01T00:00:00Z"
}
```

attack surface

Why this package is monitored

Data processing packages handle production datasets, often containing PII, financial records, or proprietary training data. A backdoored version can intercept data frames before they reach any encryption or anonymization step.

Attestd monitors pandas using the following detection sources:

registry

Manually curated advisories in the Attestd registry, verified by a human analyst. Confidence 1.0.

osv

OSV.dev malicious-package advisories with IDs prefixed MAL-. Confidence 0.95.

pypi_yank

Versions yanked on PyPI with a security-related yanked_reason annotation. Confidence 0.80.
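The following is an added example, not Attestd's own client or code: a small CI gate that consumes the check response shape shown under "api usage" above and ranks any flagged result with the per-source confidence values listed in this section. The page only shows a clean response, so the flagged sample below is constructed with placeholder values, and the assumption that `sources` carries the detection source names ("registry", "osv", "pypi_yank") as strings is exactly that, an assumption. The one design point worth noting is that `supported: false` is not treated as clean: the feed has no evidence either way, so the gate asks for review instead of silently allowing the install.

```python
"""CI gate for the Attestd /v1/check response shape shown on this page.

Added example, not Attestd's own code. Assumed (not documented on the page):
`sources` holds detection source names as strings when a version is flagged.
All other field names follow the sample response on the page.
"""
import json
import sys
import urllib.parse
import urllib.request

API_URL = "https://api.attestd.io/v1/check"

# Per-source confidence values as listed under "Why this package is monitored".
SOURCE_CONFIDENCE = {"registry": 1.0, "osv": 0.95, "pypi_yank": 0.80}

# Constructed sample: the clean pandas 2.2.0 reply reproduced from the page.
CLEAN_RESPONSE = {
    "product": "pandas", "version": "2.2.0", "supported": True, "risk_state": "none",
    "supply_chain": {"compromised": False, "sources": [], "malware_type": None,
                     "description": None, "advisory_url": None,
                     "compromised_at": None, "removed_at": None},
    "last_updated": "2026-05-01T00:00:00Z",
}

# Constructed sample of a flagged version. Version, dates and text are
# placeholders for illustration only, not a real advisory.
FLAGGED_RESPONSE = {
    "product": "pandas", "version": "0.0.0-example", "supported": True,
    "risk_state": "compromised",  # assumed value; the page only shows "none"
    "supply_chain": {"compromised": True, "sources": ["osv", "pypi_yank"],
                     "malware_type": "PLACEHOLDER", "description": "placeholder",
                     "advisory_url": "https://example.invalid/advisory",
                     "compromised_at": "2000-01-01T00:00:00Z",
                     "removed_at": "2000-01-02T00:00:00Z"},
    "last_updated": "2000-01-03T00:00:00Z",
}


def fetch_check(product, version, api_key, timeout=10):
    """Call the endpoint exactly as the curl example does (network required)."""
    query = urllib.parse.urlencode({"product": product, "version": version})
    req = urllib.request.Request(f"{API_URL}?{query}",
                                 headers={"Authorization": f"Bearer {api_key}"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def evaluate(response):
    """Map a check response to (decision, confidence, reason).

    decision is 'allow', 'block' or 'review'. An unsupported product/version
    is never treated as clean: there is no evidence either way, so 'review'.
    """
    if not response.get("supported", False):
        return ("review", 0.0, "version not covered by the feed; no evidence either way")
    sc = response.get("supply_chain") or {}
    if not sc.get("compromised"):
        return ("allow", 0.0, "no compromise recorded")
    # Rank the evidence by its strongest source. Unknown source names score 0
    # so they show up in the output rather than being silently trusted.
    sources = [str(s) for s in (sc.get("sources") or [])]
    confidence = max((SOURCE_CONFIDENCE.get(s, 0.0) for s in sources), default=0.0)
    reason = "flagged by " + (", ".join(sources) or "unspecified source")
    if sc.get("advisory_url"):
        reason += f" ({sc['advisory_url']})"
    # removed_at only says the release is gone from the registry; anything
    # already installed or cached from it is still suspect, so still block.
    return ("block", confidence, reason)


def gate(response):
    """CI-style wrapper: exit code 0 only for 'allow'."""
    decision, confidence, reason = evaluate(response)
    print(f"{response.get('product')} {response.get('version')}: {decision} "
          f"(confidence {confidence:.2f}) - {reason}")
    return 0 if decision == "allow" else 1


if __name__ == "__main__":
    # Runs offline against the two constructed samples; swap in fetch_check()
    # for a live lookup.
    sys.exit(max(gate(CLEAN_RESPONSE), gate(FLAGGED_RESPONSE)))
```

In a pipeline, `fetch_check()` replaces the constructed dictionaries and the exit code from `gate()` fails the job; the `review` branch is the one to wire to a human-approval step rather than to a pass.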
