Sherlock Forensics maintains security audit reports for 50 popular open-source packages across npm and PyPI. A total of 722 known vulnerabilities are catalogued with CVE details, severity ratings and remediation guidance. Updated weekly.
Audited Ecosystems
npm Packages (25 audited)
148 total known vulnerabilities across 25 npm packages.
Most vulnerabilities:
- Next.js - 55 vulnerabilities
- Axios - 34 vulnerabilities
- Angular - 14 vulnerabilities
- Lodash - 10 vulnerabilities
- Mongoose - 8 vulnerabilities
PyPI Packages (25 audited)
574 total known vulnerabilities across 25 PyPI packages.
Most vulnerabilities:
- Django - 300 vulnerabilities
- Pillow - 119 vulnerabilities
- cryptography - 30 vulnerabilities
- Scrapy - 18 vulnerabilities
- NumPy - 16 vulnerabilities
Full Dependency Audit
These pages cover individual packages. For a full audit of your project's dependency tree including transitive risks, contact Sherlock Forensics.