🛡️SecOSS

Dependency Vulnerability Scanner

Instant CVE detection for npm, pip, yarn, Pipfile.lock, and more

Upload or paste your lockfile — package-lock.json, yarn.lock, requirements.txt, or Pipfile.lock — and SecOSS cross-references every dependency against OSV.dev, the GitHub Advisory Database, and NVD/NIST in seconds. Results include CVE IDs, CVSS severity scores, affected version ranges, and exact fix versions so you can patch without guessing.

How to use

  1. Upload your lockfile (package-lock.json, yarn.lock, requirements.txt, or Pipfile.lock) — or paste its text contents directly into the box.
  2. Click Scan. SecOSS queries OSV.dev and NVD for every dependency in your file.
  3. Review vulnerabilities grouped by severity — CRITICAL, HIGH, MEDIUM, LOW — with CVE IDs and CVSS scores.
  4. Use the upgrade paths shown for each CVE to get a ready-to-run fix command and the safe target version.
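
Added example, not SecOSS's own code: one way a lockfile can be turned into an OSV.dev batch query, covering package-lock.json (the v2/v3 `packages` map) and requirements.txt. The function names and sample data are constructed for illustration, and the code only builds the request body for OSV's `/v1/querybatch` endpoint without sending it.

```python
import json
import re

# Exact pins only: "name==1.2.3", optionally with extras, markers or hashes after it.
PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*==\s*([^\s;\\#]+)")

# Constructed sample inputs (not taken from any real project).
SAMPLE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "demo", "version": "1.0.0"},
    "node_modules/lodash": {"version": "4.17.20"},
    "node_modules/a/node_modules/@scope/b": {"version": "2.0.1"},
    "node_modules/local": {"resolved": "packages/local", "link": True},
}})
SAMPLE_REQ = "Django==3.2.1\nrequests>=2.0\nruamel.yaml[jinja2]==0.16.0 ; python_version > '3'\n"

def npm_packages(lock_text):
    """Yield (name, version) from a package-lock.json v2/v3 'packages' map."""
    lock = json.loads(lock_text)
    for path, meta in lock.get("packages", {}).items():
        # "" is the project itself; link entries are workspace symlinks.
        if not path or meta.get("link") or "version" not in meta:
            continue
        # Nested installs: node_modules/a/node_modules/@scope/b -> "@scope/b".
        name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
        yield name, meta["version"]

def pip_packages(req_text):
    """Return (pinned, skipped) from requirements.txt; only '==' pins are queryable."""
    pinned, skipped = [], []
    for raw in req_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "-")):  # comments and pip options
            continue
        m = PIN_RE.match(line)
        if m:
            # PEP 503 name normalisation: runs of - _ . become "-", lowercased.
            pinned.append((re.sub(r"[-_.]+", "-", m.group(1)).lower(), m.group(2)))
        else:
            skipped.append(line)
    return pinned, skipped

def osv_batch(pairs, ecosystem):
    """Build the JSON body for POST https://api.osv.dev/v1/querybatch."""
    return {"queries": [{"package": {"name": n, "ecosystem": ecosystem}, "version": v}
                        for n, v in sorted(set(pairs))]}
```

Entries returned in `skipped` carry no exact version, so they cannot be matched against an advisory's affected range until the install is resolved to concrete versions.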