Browse all 3 CVE security advisories affecting Pydantic. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Pydantic is a data validation library that uses Python type annotations to enforce data structures; it is primarily used in API development and configuration management. Historically, reported vulnerabilities have included remote code execution through unsafe deserialization and cross-site scripting from improper input sanitization. Versions prior to 1.9 were also affected by privilege escalation issues stemming from path traversal flaws. Although three CVEs are listed, Pydantic's security posture has improved with stricter validation defaults and regular security audits, making it a generally secure choice when properly configured and kept up to date.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-25580 | Pydantic AI Affected by Server-Side Request Forgery (SSRF) in URL Download Handling | pydantic-ai | CWE-918 | 8.6 | High | 2026-02-06 |
| CVE-2026-25640 | Pydantic AI affected by Stored XSS via Path Traversal in Web UI CDN URL | pydantic-ai | CWE-22 | 7.1 | High | 2026-02-06 |
| CVE-2024-3772 | Regular expression denial of service in Pydantic < 2.4.0 | Pydantic | CWE-1333 | 5.9 | Medium | 2024-04-15 |
This page lists every published CVE security advisory associated with Pydantic. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.