Sherlock Forensics maintains security audit reports for 25 popular PyPI packages. A total of 576 known vulnerabilities are catalogued across these packages as of 2026-07-04. Each report includes CVE details and remediation guidance.
| Package | Latest Version | Vulnerabilities | Description |
|---|---|---|---|
| Django | 6.0.6 | 301 | A high-level Python web framework that encourages rapid development and clean, pragmatic design. |
| Pillow | 12.3.0 | 120 | Python Imaging Library (fork) |
| cryptography | 49.0.0 | 31 | cryptography is a package which provides cryptographic recipes and primitives to Python developers. |
| Scrapy | 2.16.0 | 18 | A high-level Web Crawling and Web Scraping framework |
| NumPy | 2.5.0 | 16 | Fundamental package for array computing in Python |
| Jinja2 | 3.1.6 | 15 | A very fast and expressive template engine. |
| Requests | 2.34.2 | 13 | Python HTTP for Humans. |
| Paramiko | 5.0.0 | 10 | SSH2 protocol library |
| Flask | 3.1.3 | 8 | A simple framework for building complex web applications. |
| PyYAML | 6.0.3 | 8 | YAML parser and emitter for Python |
| SQLAlchemy | 2.0.51 | 6 | Database Abstraction Library |
| Celery | 5.6.3 | 4 | Distributed Task Queue. |
| SciPy | 1.18.0 | 4 | Fundamental algorithms for scientific computing in Python |
| Uvicorn | 0.50.0 | 4 | The lightning-fast ASGI server. |
| Gunicorn | 26.0.0 | 4 | WSGI HTTP Server for UNIX |
| redis-py | 8.0.1 | 4 | Python client for Redis database and key-value store |
| FastAPI | 0.139.0 | 3 | FastAPI framework, high performance, easy to learn, fast to code, ready for production |
| Pydantic | 2.13.4 | 3 | Data validation using Python type hints |
| HTTPX | 0.28.1 | 2 | The next generation HTTP client. |
| Pandas | 3.0.3 | 1 | Powerful data structures for data analysis, time series, and statistics |
| pytest | 9.1.1 | 1 | pytest: simple powerful testing with Python |
| Boto3 | 1.43.40 | 0 | The AWS SDK for Python |
| Matplotlib | 3.11.0 | 0 | Python plotting package |
| Beautiful Soup | 4.15.0 | 0 | Screen-scraping library |
| Click | 8.4.2 | 0 | Composable command line interface toolkit |
Audit Your Dependencies
Our vibe coding security audit scans your entire dependency tree for vulnerable packages, misconfigurations and exposed secrets.
Get a Security Audit