Vulnerability Python Packages

nvdlib

A simple wrapper for the National Vulnerability CVE/CPE API

ca9

CVE reachability analysis for Python. Stop fixing vulnerabilities that don't affect you. Static + dynamic analysis to cut SCA noise from Snyk, Dependabot, Trivy, and others.

fray

Open-source WAF Security Testing Platform — 7,200+ attack payloads, 98 WAF/CDN fingerprints, AI-powered bypass engine, recon pipeline, beautiful CLI output

oasislmf

Loss modelling framework.

cve-bin-tool

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 350 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.

vulncheck-sdk

A generated Python SDK from VulnCheck's OpenAPI specification

vunnel

Tool for collecting vulnerability data from various sources (used to build the grype database)

yardstick

Compare vulnerability scanners results (to make them better!)

pyscan-rs

python dependency vulnerability scanner, written in Rust.

gvm-tools

Remote control your Greenbone Community Edition or Greenbone Enterprise Appliance

secator

secator - the pentester's swiss knife

malwoverview

Malwoverview is a first response tool for threat hunting across VirusTotal, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, IPInfo, Shodan, AbuseIPDB, GreyNoise, URLScan.io, Whois/RDAP, NIST, and VulnCheck. Supports LLM enrichment, IOC extraction, YARA scanning, and Android analysis.

aboutcode-hashid

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

plecost

Plecost - Professional WordPress Security Scanner

vulnerablecode

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

faradaysec

Open Source Collaborative Penetration Test and Vulnerability Management Platform https://www.faradaysec.com

search-vulns

A modular tool to search for known vulnerabilities, exploits and more across various data sources

telegramsight

A client that retrieves vulnerability observations from a Telegram collector and pushes them to a Vulnerability-Lookup instance.

fedivuln

A client to gather vulnerability-related information from the Fediverse.

vulnparse-pin

A Vulnerability Intelligence and Decision Support Engine — Making Vulnerability Triage Faster and Remediation Decisions Explainable

eip-mcp

MCP server for the Exploit Intelligence Platform — vulnerability and exploit intelligence for AI assistants

arango-cve-processor

A small python script that enriches Vulnerability STIX Objects with other intel

fpvs

Fast Python Vulnerability Scanner

aboutcode-federated

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/