Vulnerability scanner for Python dependencies using the OSV API
Project description
pyvulscan
Vulnerability scanner for Python dependencies using the OSV API.
Supports uv.lock, poetry.lock, pyproject.toml, and requirements.txt — no environment activation needed.
Install
pip install pyvulscan
Usage
# Auto-detect lockfile in current project
pyvulscan pyproject.toml
# Scan only direct dependencies (not transitive)
pyvulscan pyproject.toml --direct-only
# Scan a specific lockfile
pyvulscan uv.lock
pyvulscan poetry.lock
# JSON output (for CI/CD integration)
pyvulscan pyproject.toml --json
# Exit with code 1 if vulnerabilities found (CI gate)
pyvulscan pyproject.toml --exit-code
# Include dev dependencies (Poetry only)
pyvulscan pyproject.toml --group main --group dev
How it works
- Parses your lockfile to get exact resolved versions
- Sends a single batch request to the OSV API
- Fetches full details (severity, fix version) for each vulnerability found
- Reports findings with CVSS score, label, and recommended fix version
Development
# Install with dev dependencies
pip install -e ".[dev]"
# Run tests
pytest tests/
# Lint
ruff check src/
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
pyvulscan-0.1.1.tar.gz
(132.2 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
pyvulscan-0.1.1-py3-none-any.whl
(12.6 kB
view details)
File details
Details for the file pyvulscan-0.1.1.tar.gz.
File metadata
- Download URL: pyvulscan-0.1.1.tar.gz
- Upload date:
- Size: 132.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.9.24 {"installer":{"name":"uv","version":"0.9.24","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
00de96ec8610c89cca99ae4d15df42eab49fdb471dc14b89673a81eea15f8100
|
|
| MD5 |
82da9e16966318e6544b49045d52cb4b
|
|
| BLAKE2b-256 |
4443cda62e1c3bf98b2704a85e15e803a94c495f0ed6ee8376acce3fcf668ca0
|
File details
Details for the file pyvulscan-0.1.1-py3-none-any.whl.
File metadata
- Download URL: pyvulscan-0.1.1-py3-none-any.whl
- Upload date:
- Size: 12.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.9.24 {"installer":{"name":"uv","version":"0.9.24","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8eb362c4a3bdf4b395401f628799440034c38b2318ed72781415680cf650fc8d
|
|
| MD5 |
32d4baa4e6a3b237564b5f50cd9aec6c
|
|
| BLAKE2b-256 |
7977a1777b27a2dc7264d236602dfc2e9c1139618eb804631751f7661f42bf3b
|
