Sherlock Forensics maintains security audit reports for 25 popular PyPI packages. A total of 573 known vulnerabilities are catalogued across these packages as of 2026-05-24. Each report includes CVE details and remediation guidance.
| Package | Latest Version | Vulnerabilities | Description |
|---|---|---|---|
| Django | 6.0.5 | 300 | A high-level Python web framework that encourages rapid development and clean, pragmatic design. |
| Pillow | 12.2.0 | 118 | Python Imaging Library (fork) |
| cryptography | 48.0.0 | 30 | cryptography is a package which provides cryptographic recipes and primitives to Python developers. |
| Scrapy | 2.16.0 | 18 | A high-level Web Crawling and Web Scraping framework |
| NumPy | 2.4.6 | 16 | Fundamental package for array computing in Python |
| Jinja2 | 3.1.6 | 16 | A very fast and expressive template engine. |
| Requests | 2.34.2 | 13 | Python HTTP for Humans. |
| Paramiko | 5.0.0 | 10 | SSH2 protocol library |
| Flask | 3.1.3 | 8 | A simple framework for building complex web applications. |
| PyYAML | 6.0.3 | 8 | YAML parser and emitter for Python |
| SQLAlchemy | 2.0.49 | 6 | Database Abstraction Library |
| Celery | 5.6.3 | 4 | Distributed Task Queue. |
| SciPy | 1.17.1 | 4 | Fundamental algorithms for scientific computing in Python |
| Uvicorn | 0.47.0 | 4 | The lightning-fast ASGI server. |
| Gunicorn | 26.0.0 | 4 | WSGI HTTP Server for UNIX |
| redis-py | 7.4.0 | 4 | Python client for Redis database and key-value store |
| FastAPI | 0.136.3 | 3 | FastAPI framework, high performance, easy to learn, fast to code, ready for production |
| Pydantic | 2.13.4 | 3 | Data validation using Python type hints |
| HTTPX | 0.28.1 | 2 | The next generation HTTP client. |
| Pandas | 3.0.3 | 1 | Powerful data structures for data analysis, time series, and statistics |
| pytest | 9.0.3 | 1 | pytest: simple powerful testing with Python |
| Boto3 | 1.43.14 | 0 | The AWS SDK for Python |
| Matplotlib | 3.10.9 | 0 | Python plotting package |
| Beautiful Soup | 4.14.3 | 0 | Screen-scraping library |
| Click | 8.4.1 | 0 | Composable command line interface toolkit |
Audit Your Dependencies
Our vibe coding security audit scans your entire dependency tree for vulnerable packages, misconfigurations and exposed secrets.