{"id":13501716,"url":"https://github.com/pyupio/safety-db","last_synced_at":"2025-04-11T03:28:11.392Z","repository":{"id":37413027,"uuid":"70887007","full_name":"pyupio/safety-db","owner":"pyupio","description":"A curated database of insecure Python packages","archived":false,"fork":false,"pushed_at":"2025-04-01T06:00:33.000Z","size":39040,"stargazers_count":771,"open_issues_count":14,"forks_count":84,"subscribers_count":35,"default_branch":"master","last_synced_at":"2025-04-03T22:37:16.981Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://pyup.io","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pyupio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-10-14T07:50:24.000Z","updated_at":"2025-04-01T06:00:34.000Z","dependencies_parsed_at":"2023-02-17T02:31:00.254Z","dependency_job_id":"1fe43064-460b-44b6-ba7a-ab465e1d75bd","html_url":"https://github.com/pyupio/safety-db","commit_stats":{"total_commits":1464,"total_committers":17,"mean_commits":86.11764705882354,"dds":0.08811475409836067,"last_synced_commit":"32cdd8ec294f70506a8716ad9b1f69738ab262d8"},"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyupio%2Fsafety-db","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyupio%2Fsafety-db/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyupio%2Fsafety-db/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repos
itories/pyupio%2Fsafety-db/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pyupio","download_url":"https://codeload.github.com/pyupio/safety-db/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248335081,"owners_count":21086507,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T22:01:47.313Z","updated_at":"2025-04-11T03:28:11.364Z","avatar_url":"https://github.com/pyupio.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"[![safety](https://raw.githubusercontent.com/pyupio/safety-db/master/safety-db.jpg)](https://pyup.io/safety/)\n\n## What is Safety DB?\n\nSafety DB is a database of known security vulnerabilities in Python packages. The data is made available by [pyup.io](https://pyup.io/) and synced with this repository once per month. Most of the entries are found by filtering CVEs and changelogs for certain keywords and then manually reviewing them.\n\n## Tools\n\n- [Safety CI](https://pyup.io/safety/ci/) is a deep GitHub integration that's available on pyup.io. It checks your commits and Pull Requests.\n- [Safety](https://pyup.io/safety/) is a command-line tool that checks virtual environments and requirements files either locally or on a CI server.
\n- [Safety Django](https://pyup.io/safety/django/) is a package for Django that warns you in the admin area if your installed Django release is insecure.\n- [Safety Bar](https://github.com/pyupio/safety-bar) (alpha) is a macOS menubar application.\n- A [pre-commit hook](https://github.com/Lucas-C/pre-commit-hooks-safety) by Lucas Cimon.\n- [`pipenv check`](https://pipenv.readthedocs.io/en/latest/advanced/#detection-of-security-vulnerabilities) relies on `safety` and Safety-DB to check for known vulnerabilities in locked components.\n- *your tool?*\n\n## Installation\n\n```sh\npip install safety-db\n```\n\n## Usage\n\n```python\nfrom safety_db import INSECURE, INSECURE_FULL\n```\n\n## What is this not?\n\nThis is not a hall of shame, or a list of packages to avoid. The package maintainers show great responsibility by documenting and fixing security issues in such a way that they can be listed here. That's extremely valuable when considering using a package in production.\n\n## Using this data\n\nFor humans:\n\n- There's a small website available that lets you browse the data: https://pyupio.github.io/safety-db/\n\nFor robots:\n\nCheck out the `data` directory:\n\n- [insecure.json](https://github.com/pyupio/safety-db/blob/master/data/insecure.json) contains just the package name and all insecure releases as a plain list.\n- [insecure_full.json](https://github.com/pyupio/safety-db/blob/master/data/insecure_full.json) additionally contains the CVE description and URLs, or the relevant part of the changelog.\n\nThe database is licensed under [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). This allows you to use the data in any non-commercial project as long as you link back to this repo. 
If you need a license for a commercial project, please contact support@pyup.io.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpyupio%2Fsafety-db","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpyupio%2Fsafety-db","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpyupio%2Fsafety-db/lists"}