{"id":6758,"library":"ormar","title":"Ormar","description":"Ormar is an async ORM for Python, designed with FastAPI and Pydantic validation in mind, supporting Postgres, MySQL, and SQLite. It provides a single model definition that acts as both an ORM model and a Pydantic model. Currently at version 0.23.1, it maintains an active development and release cadence, frequently pushing updates including vulnerability fixes and new features.","status":"active","version":"0.23.1","language":"en","source_language":"en","source_url":"https://github.com/ormar-orm/ormar","tags":["ORM","async","FastAPI","Pydantic","SQLAlchemy"],"install":[{"cmd":"pip install ormar","lang":"bash","label":"Install stable version"}],"dependencies":[{"reason":"Used for query building and database interaction.","package":"sqlalchemy","optional":false},{"reason":"Used for data validation and model serialization/deserialization.","package":"pydantic","optional":false},{"reason":"Required for async SQLite connections.","package":"aiosqlite","optional":true},{"reason":"Required for async PostgreSQL connections.","package":"asyncpg","optional":true},{"reason":"Required for async MySQL connections.","package":"pymysql","optional":true}],"imports":[{"symbol":"Model","correct":"from ormar import Model"},{"note":"Since v0.20.0, model configuration moved from an inner `Meta` class to an instance of `OrmarConfig` assigned to the `ormar_config` attribute.","wrong":"class Meta: ...","symbol":"OrmarConfig","correct":"from ormar import OrmarConfig"},{"note":"Since v0.22.0, `ormar` replaced the `databases` library with native async SQLAlchemy via `DatabaseConnection`.","wrong":"import databases; database = databases.Database(...)","symbol":"DatabaseConnection","correct":"from ormar import DatabaseConnection"},{"symbol":"Integer","correct":"from ormar import Integer"},{"symbol":"String","correct":"from ormar import String"},{"symbol":"Boolean","correct":"from ormar import Boolean"}],"quickstart":{"code":"import asyncio\nimport sqlalchemy\nimport ormar\n\n# 1. Define Database Connection and Metadata\nDATABASE_URL = \"sqlite+aiosqlite:///test.db\"\n\n# This assumes a base config for all models. For complex apps, use `base_ormar_config.copy()`\nbase_ormar_config = ormar.OrmarConfig(\n    metadata=sqlalchemy.MetaData(),\n    database=ormar.DatabaseConnection(DATABASE_URL),\n)\n\n# 2. Define an Ormar Model\nclass User(ormar.Model):\n    ormar_config = base_ormar_config.copy(tablename=\"users\")\n\n    id: int = ormar.Integer(primary_key=True)\n    name: str = ormar.String(max_length=100)\n    is_active: bool = ormar.Boolean(default=True)\n\nasync def main():\n    # 3. Connect to the database and create tables\n    if not base_ormar_config.database.is_connected:\n        await base_ormar_config.database.connect()\n    \n    # Create tables (only once, usually in a migration or startup script)\n    # For a persistent DB, use alembic. For quickstart, create all.\n    print(\"Creating tables...\")\n    engine = sqlalchemy.create_engine(DATABASE_URL.replace('+aiosqlite', ''))\n    base_ormar_config.metadata.create_all(engine)\n    print(\"Tables created.\")\n\n    # 4. Create a new user\n    print(\"Creating user Jane Doe...\")\n    jane = await User.objects.create(name=\"Jane Doe\")\n    print(f\"Created user: {jane.id} - {jane.name} (active: {jane.is_active})\")\n\n    # 5. Retrieve all users\n    print(\"Retrieving all users...\")\n    users = await User.objects.all()\n    for user in users:\n        print(f\"Found user: {user.id} - {user.name} (active: {user.is_active})\")\n\n    # 6. Disconnect from the database\n    print(\"Disconnecting from database...\")\n    if base_ormar_config.database.is_connected:\n        await base_ormar_config.database.disconnect()\n    print(\"Disconnected.\")\n\nif __name__ == \"__main__\":\n    asyncio.run(main())\n","lang":"python","description":"This quickstart demonstrates how to set up an Ormar model, connect to an in-memory SQLite database, create tables, and perform basic CRUD operations. It uses the modern `OrmarConfig` and `DatabaseConnection` patterns. Note that for persistent databases, `alembic` is recommended for migrations, and `create_all` is typically run only once during setup or testing."},"warnings":[{"fix":"Upgrade to ormar `0.23.1` or newer immediately.","message":"A high severity vulnerability (CVE-2026-27953) in model initialization allowed injection of `__pk_only__` and `__excluded__` parameters through user-supplied `**kwargs`, bypassing Pydantic validation or nullifying fields.","severity":"breaking","affected_versions":"All versions prior to 0.23.1"},{"fix":"Upgrade to ormar `0.23.0` or newer immediately.","message":"A critical vulnerability (CVE-2026-26198) in aggregate functions allowed arbitrary SQL execution through user input due to improper SQL query generation.","severity":"breaking","affected_versions":"0.9.9 - 0.12.2 and 0.20.0b1 - 0.22.0"},{"fix":"Replace `import databases` with `from ormar import DatabaseConnection`. Database URLs must now use async drivers (e.g., `sqlite+aiosqlite:///` instead of `sqlite:///`).","message":"Version 0.22.0 migrated from the `databases` library to native async SQLAlchemy. This requires changing database connection imports and potentially connection string formats.","severity":"breaking","affected_versions":"0.22.0 and later"},{"fix":"Refactor `class Meta: ...` within your models to `ormar_config = ormar.OrmarConfig(...)`. It's recommended to create a base `OrmarConfig` and use its `copy()` method for individual models.","message":"Starting with version 0.20.0, model configuration transitioned from an inner `Meta` class to an instance of `ormar.OrmarConfig` assigned to the `ormar_config` attribute.","severity":"breaking","affected_versions":"0.20.0 and later"},{"fix":"Migrate Pydantic v1 models to v2 syntax. Replace `choices` parameter in fields with `ormar.Enum`. `pydantic_only` fields are removed.","message":"Ormar `0.20.0` introduced support for Pydantic v2. This includes changes to how `choices` are handled (now `ormar.Enum`) and deprecation of `pydantic_only` fields. This might require adjustments in model field definitions.","severity":"breaking","affected_versions":"0.20.0 and later"},{"fix":"Ensure your project runs on Python 3.10 or newer. Upgrade SQLAlchemy to version 2.0 or compatible version.","message":"Support for Python 3.8 was dropped in `0.21.0`, and Python 3.9 was dropped in `0.23.0`. Additionally, SQLAlchemy 1.4 support was dropped in `0.21.0` in favor of SQLAlchemy 2.0.","severity":"breaking","affected_versions":"0.21.0 and later (Python 3.8), 0.23.0 and later (Python 3.9), 0.21.0 and later (SQLAlchemy 1.4)"}],"env_vars":null,"last_verified":"2026-04-15T00:00:00.000Z","next_check":"2026-07-14T00:00:00.000Z","problems":[]}