Sherlock Forensics maintains security audit reports for 50 popular open-source packages across npm and PyPI. A total of 712 known vulnerabilities are catalogued with CVE details, severity ratings and remediation guidance. Updated weekly.
Audited Ecosystems
npm Packages (25 audited)
139 total known vulnerabilities across 25 npm packages.
Most vulnerabilities:
- Next.js - 55 vulnerabilities
- Axios - 25 vulnerabilities
- Angular - 14 vulnerabilities
- Lodash - 10 vulnerabilities
- Mongoose - 8 vulnerabilities
PyPI Packages (25 audited)
573 total known vulnerabilities across 25 PyPI packages.
Most vulnerabilities:
- Django - 300 vulnerabilities
- Pillow - 118 vulnerabilities
- cryptography - 30 vulnerabilities
- Scrapy - 18 vulnerabilities
- NumPy - 16 vulnerabilities
Full Dependency Audit
These pages cover individual packages. For a full audit of your project's dependency tree, including transitive risks, contact Sherlock Forensics.