All pydantic CVEs — Complete Vulnerability History
pydantic is Python's most popular data validation library, used by FastAPI, SQLModel, and many others. Its main CVE is ReDoS in email validation.
PyPI
100M+ weekly downloads
2 CVEs total
Full CVE history
| CVE | Year | Severity | Description | Fix |
|---|---|---|---|---|
| CVE-2021-29510 | 2021 | HIGH | DoS via infinite loop in decimal validation | Fixed 1.8.2 |
| CVE-2024-3772 | 2024 | HIGH | ReDoS via malicious email address | Fixed 2.6.4 |
Current safe version: 2.6.4
```text
# Before
pydantic==1.10.0
# After
pydantic==2.6.4
```
Then run: pip install -r requirements.txt
Common questions
Is there a breaking change between pydantic v1 and v2?
Yes — pydantic v2 is a complete rewrite with significant API changes. FastAPI 0.100.0+ supports both. Migration is worthwhile — v2 is 5-50x faster and has better error messages.