
Python Vulnerability Lookup Tool (2026): Scan pyproject.toml & requirements.txt for CVE Risks

A new HTML tool called Python Vulnerability Lookup enables developers to quickly identify known vulnerabilities in Python dependencies by querying the OSV.dev API. This innovation strengthens supply chain security by automating vulnerability detection from pyproject.toml and requirements.txt files.

Python Vulnerability Lookup is a browser-based tool that lets developers check Python dependencies against known vulnerabilities without a CLI install or CI/CD integration. It parses pyproject.toml and requirements.txt, queries OSV.dev's open API for each package and version, and reports the matching advisories. OSV records PyPI advisories under PYSEC and GHSA identifiers and lists the CVE as an alias where one has been assigned, so the "CVE" view is really the set of OSV advisories that match the versions you declare. The aim is to surface exposed packages before deployment.

How Python Vulnerability Lookup Works

Paste a dependency file or enter a GitHub repository URL. The tool extracts package names and versions, sends them to OSV.dev's query API, and returns a list of affected packages with their advisory IDs and whatever severity data (CVSS, where the advisory carries it) OSV holds for them. Nothing is installed: open, scan, and act. Two caveats apply. OSV matches one concrete version against an advisory's affected-version ranges, so only exact pins (package==1.2.3) give a definitive answer; an unresolved range such as >=1.26 cannot be matched. And because the scan runs in your browser, the package names and versions you paste are sent to api.osv.dev, which is fine for open-source projects but worth knowing for private ones.

Support for pyproject.toml vs requirements.txt

Unlike older scanners that read only requirements.txt, Python Vulnerability Lookup also parses pyproject.toml, including the PEP 621 [project] dependencies list used by Hatch, Flit and setuptools and the [tool.poetry.dependencies] table used by Poetry. Keep in mind that pyproject.toml usually declares version ranges (^2.28, >=1.26) rather than exact pins, and a range cannot be checked against an advisory without resolving it first. To audit the versions you actually ship, check the resolved versions from your lock file or from pip freeze output (a pip freeze listing is itself valid requirements.txt input).

Integrating with CI/CD Pipelines

While designed for quick manual audits, the same OSV.dev API can be called from CI: run a dependency scan on every pull request in GitHub Actions or GitLab CI and fail the job when a pinned version matches an advisory. Google's osv-scanner CLI wraps that API and is the usual choice for pipelines; either way the check complements Dependabot and Snyk with lightweight, immediate feedback.

Why It Beats Traditional Security Scanners

Tools like Snyk or WhiteSource (now Mend) need account setup and integration work and can add noticeable time to a pipeline. Python Vulnerability Lookup offers immediate, frictionless visibility: no API keys, no Docker containers, no configuration. It is ideal for solo developers, startups, and teams without dedicated security staff. It is not a full replacement, though: it checks only the packages listed in the file you paste, so transitive dependencies are covered only when they appear in a frozen or locked listing, and it reports known advisories, not flaws in your own code.

Real-World Impact: Reducing Open Source Risk

According to UpGuard, over 70% of breaches stem from unpatched open-source dependencies. In finance and healthcare, a single vulnerable package such as requests or django can trigger compliance failures. With Python Vulnerability Lookup, teams perform rapid dependency audits and prioritize patching by which pinned versions actually match an advisory.

The tool was built with Claude Code by Simon Willison, an example of AI-assisted "vibe coding" (a term coined by Andrej Karpathy and discussed at length by Willison). It shows that useful security utilities need not require heavy infrastructure; a clear scope and an open API are enough.

For developers managing large Python codebases, this tool transforms security from a compliance checkbox into a natural part of development. As supply chain attacks grow in sophistication, having a lightweight, transparent way to scan for CVEs in pyproject.toml and requirements.txt isn’t optional—it’s essential.

AI-Powered Content
