Vulnerability Detection Python Packages

safety

Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.

flake8-bandit

Automated security testing using bandit and flake8.

python-gvm

Greenbone Vulnerability Management Python Library

dependency-check

:closed_lock_with_key: Shim to easily install OWASP dependency-check-cli into Python projects

appthreat-vulnerability-db

Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.2, purl, and vers.

skjold

Security audit Python project dependencies against security advisory databases.

miesc

Multi-layer Intelligent Evaluation for Smart Contracts — 35 analysis modules, 9 defense layers, one command. Pre-audit triage for Ethereum, Starknet, and beyond.

aboutcode-hashid

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

immunipy

A Python SCA tool that acts as a watchdog, keeping an eye out for security vulnerabilities and reporting them promptly.

phi-complexity

Code quality metrics based on Golden Ratio (φ) mathematical invariants

vulnerablecode

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

vulnparse-pin

A Vulnerability Intelligence and Decision Support Engine — Making Vulnerability Triage Faster and Remediation Decisions Explainable

fpvs

Fast Python Vulnerability Scanner

aboutcode-federated

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

pyraider

Using PyRaider You can scan installed dependencies known security vulnerabilities. It uses publicly known exploits, vulnerabilities database.

agent-audit

Static security scanner for LLM agents — prompt injection, MCP config auditing, taint analysis. 49 rules mapped to OWASP Agentic Top 10 (2026). Works with LangChain, CrewAI, AutoGen.

codesight

Code analysis CLI - code review, bugs, security, docs, refactoring. Multi-provider LLM, SARIF output, CI-ready.

metlo

Metlo is an open-source API security platform.

open-source-insights-api

Library to consume project Open Source Insights Project from Google

kitsec

Pentesting, made easy.

jaegis-raverse-mcp-server

RAVERSE: AI Multi-Agent Binary Patching System with MCP Server (35 tools, npm/pip/docker)

serpant

World Serpant Search is a command-line tool for vulnerability detection. It allows you to scan directories for various types of vulnerabilities, including XSS vulnerabilities, authentication bypass vulnerabilities, and package vulnerabilities using the National Vulnerability Database (NVD).

appthreat-vulndb

Vulnerability database and package search for sources such as CVE, GitHub, and so on. Uses a built-in file based storage.

not-particularly

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.