Is piccolo safe to use?

piccolo has 1 known vulnerabilities on the latest version (1.33.0). DepScope rates its health at 67/100 (moderate risk).

What is the latest version of piccolo?

The latest version of piccolo is 1.33.0, released 2026-03-06.

Yes. piccolo has 1 known vulnerabilities. See depscope.dev/pkg/pypi/piccolo for details.

No, piccolo is actively maintained. Latest release: 1.33.0 (2026-03-06).

Popular alternatives to piccolo in PyPI include: boto3/, packaging, urllib3/, certifi, urllib3.

pypiv1.33.0

A fast, user friendly ORM and query builder which supports asyncio.

License MITpermissive292 versions1 maintainers17 deps53,484 weekly dl

/ 100

Health

do not use

piccolo has critical vulnerabilities — do not use

Update to >= 82679eb8cd1449cf31d87c9914a072e70168b6eb to fix known vulnerabilities

Health breakdown0 – 100

20/25

maintenance

10/20

popularity

15/25

security

15/15

maturity

7/15

community

Vulnerabilities

1 critical

Advisories (1)

Severity	ID	Summary	Fixed in
critical	CVE-2023-47128	Piccolo is an object-relational mapping and query builder which supports asyncio. Prior to version 1.1.1, the handling of named transaction `savepoints` in all database implementations is vulnerable to SQL Injection via f-strings. While the likelihood of an end developer exposing a `savepoints` `name` parameter to a user is highly unlikely, it would not be unheard of. If a malicious user was able to abuse this functionality they would have essentially direct access to the database and the abilit	82679eb8cd1449cf31d87c9914a072e70168b6eb

Dependencies (17)

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/pypi/piccolo