Pydantic

registryPyPI

package namepydantic

maintainerPydantic

Pydantic is the most widely used Python data validation library, providing type-annotated model classes that validate and serialize data. It is the data layer for FastAPI, LangChain, and hundreds of other libraries. Pydantic v2 was rewritten in Rust for performance and is a transitive dependency of most modern Python services.

api usage

Checking Pydantic

pydantic 2.8.0 is a clean version with no known supply chain compromise. The response returns compromised: false with an empty sources array.

bash

curl "https://api.attestd.io/v1/check?product=pydantic&version=2.8.0" \
  -H "Authorization: Bearer YOUR_API_KEY"

json

{
  "product": "pydantic",
  "version": "2.8.0",
  "supported": true,
  "risk_state": "none",
  "supply_chain": {
    "compromised": false,
    "sources": [],
    "malware_type": null,
    "description": null,
    "advisory_url": null,
    "compromised_at": null,
    "removed_at": null
  },
  "last_updated": "2026-05-01T00:00:00Z"
}

attack surface

Why this package is monitored

Validation libraries process every piece of user-supplied input before it reaches the application. A backdoored validator can silently pass through malicious payloads while logging or forwarding the validated data to an external server.

Attestd monitors pydantic using the following detection sources:

registry

Manually curated advisories in the Attestd registry, verified by a human analyst. Confidence 1.0.

osv

OSV.dev malicious-package advisories with IDs prefixed MAL-. Confidence 0.95.

pypi_yank

Versions yanked on PyPI with a security-related yanked_reason annotation. Confidence 0.80.

Supply chain overview All PyPI packages FastAPI SQLAlchemy LangChain Core Response fields