advisory-database
Advisory database for Python packages published on pypi.org (by pypa)
safety-db
A curated database of insecure Python packages (by pyupio)
| | advisory-database | safety-db |
|---|---|---|
| Mentions | 5 | 2 |
| Stars | 237 | 756 |
| Growth | 0.0% | 0.4% |
| Activity | 7.3 | 6.6 |
| Last commit | 8 days ago | 15 days ago |
| Language | Python | |
| License | Creative Commons Attribution 4.0 | GNU General Public License v3.0 or later |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
advisory-database
Posts with mentions or reviews of advisory-database.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-07-09.
- LangChain Arbitrary Command Execution - CVE-2023-34541
- pyscan v0.1.0: A python dependency vulnerability scanner, written in Rust.
- Auditing your python environment
  The second tool I want to introduce to you is pip-audit. It is maintained by folks at Trail of Bits with some Google support. It uses the PyPA Advisory Database via the PyPI JSON API as a source of vulnerability reports.
- Adding Auditing to Pip
- Google's unified vulnerability schema for open source supports Rust on launch
  Today, we're excited to announce a new milestone in expanding OSV to several key open-source ecosystems: Go, Rust, Python, and DWF.
safety-db
Posts with mentions or reviews of safety-db.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-08-18.
- Known bad PyPi packages
  Pyup.io has a community db over here with a big json of packages containing vulnerabilities. I am afraid you will have to dig in the data to find a way to filter malicious packages.
- Auditing your python environment
  An open source version that we can freely use. It is updated once a month.
What are some alternatives?
When comparing advisory-database and safety-db you can also consider the following projects:
pyscan - python dependency vulnerability scanner, written in Rust.
pip-audit - Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them
vulndb - [mirror] The Go Vulnerability Database
Flask - The Python micro framework for building web applications.
advisory-db - Security advisory database for Rust crates published through crates.io
publications - Publications from Trail of Bits
dwflist - The DWF IDs
langchain - Build context-aware reasoning applications
Nuget Package Manager - Repo for NuGet Client issues
pre-commit - A framework for managing and maintaining multi-language pre-commit hooks.