Dependency CVE Scanner
Paste a list of npm or pip dependencies in package@version format to check them against a curated set of known high-severity CVEs, including log4j, lodash, axios, and 9 others. Results are instant and entirely client-side.
No data is transmitted; everything runs locally.
About this tool
The Dependency CVE Scanner checks npm and pip package lists against known high-severity CVEs including Log4Shell, allowing rapid triage before automated scanning tools run.
• Triage a dependency list before a security review
• Check whether log4j is in a project before patching
• Quickly assess a package.json or requirements.txt for known risks
• Generate evidence for a compliance audit
Next step
Alerting Threshold Calculator: compute multi-window SLO burn rate alert thresholds from the Google SRE Workbook method.
Open Alerting Threshold Calculator →
FAQ
What does this tool tell you?
Whether any entry in a pasted npm or pip dependency list exactly matches a package and version in the tool's curated set of known high-severity CVEs, including Log4Shell. It is a quick first pass before automated scanning tools run, not a lookup against a complete vulnerability database.
What affects the result most?
Package name and version (exact match required). Ecosystem (npm vs pip; different CVE databases). CVE severity (Critical/High/Medium/Low).
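The three factors above (name, version, ecosystem) are what a client-side matcher has to get right. The following is an added example written for this page, not the scanner's own code. It parses npm lines in package@version format and pip lines in requirements.txt `name==version` format, normalises pip names the way the package index does (case-folded, with runs of `-`, `_` and `.` collapsed to `-`), keeps the two ecosystems in separate tables, and goes one step beyond the exact-match behaviour described above by checking the pinned version against an affected range (introduced inclusive, fixed exclusive). The advisory table and the dependency lists are constructed placeholder data; the `EXAMPLE-n` identifiers are not real CVEs.

```javascript
// Added example: minimal client-side dependency matcher. Not the page's own code.
// ADVISORIES is CONSTRUCTED placeholder data; "EXAMPLE-n" ids are not real CVEs.
// Layout: ecosystem -> package name -> advisories with an affected range
// [introduced, fixed), i.e. "fixed" is the first safe version.
const ADVISORIES = {
  npm: {
    "left-pad-example": [
      { id: "EXAMPLE-1", introduced: "1.0.0", fixed: "1.3.0", severity: "High" },
    ],
    "@scope/widget-example": [
      { id: "EXAMPLE-2", introduced: "0.0.0", fixed: "2.0.0", severity: "Critical" },
    ],
  },
  pip: {
    "requests-example": [
      { id: "EXAMPLE-3", introduced: "2.0.0", fixed: "2.5.1", severity: "High" },
    ],
  },
};

// PEP 503 name normalisation: case-fold and collapse runs of "-", "_", "." to "-".
// Without this "Requests_Example" and "requests-example" would never match.
function normalizePipName(name) {
  return name.toLowerCase().replace(/[-_.]+/g, "-");
}

// Compare dotted numeric versions: returns -1, 0 or 1. Pre-release/build
// suffixes ("1.3.0-beta", "1.3.0+build") are stripped, which is an
// approximation: a real scanner should use the ecosystem's own semantics.
function compareVersions(a, b) {
  const pa = a.split(/[-+]/)[0].split(".").map(Number);
  const pb = b.split(/[-+]/)[0].split(".").map(Number);
  const n = Math.max(pa.length, pb.length);
  for (let i = 0; i < n; i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Parse one dependency line for the given ecosystem.
// npm: "name@1.2.3" or "@scope/name@1.2.3"; pip: "name==1.2.3" (markers after ";" ignored).
// Returns null for blank, comment, unpinned or malformed lines so the caller
// can report them: an unpinned dependency cannot be checked at all.
function parseLine(line, ecosystem) {
  const s = line.trim();
  if (!s || s.startsWith("#")) return null;
  if (ecosystem === "npm") {
    const m = s.match(/^(@?[^@\s]+)@(\S+)$/);
    return m ? { name: m[1], version: m[2] } : null;
  }
  const m = s.match(/^([A-Za-z0-9._-]+)==([^\s;]+)/);
  return m ? { name: normalizePipName(m[1]), version: m[2] } : null;
}

// Scan a pasted list. Returns matched advisories plus the lines that could
// not be parsed, so silence is never mistaken for a clean result.
function scan(text, ecosystem) {
  const hits = [];
  const skipped = [];
  const table = ADVISORIES[ecosystem] || {};
  for (const line of text.split("\n")) {
    const dep = parseLine(line, ecosystem);
    if (!dep) {
      if (line.trim() && !line.trim().startsWith("#")) skipped.push(line.trim());
      continue;
    }
    for (const adv of table[dep.name] || []) {
      const inRange =
        compareVersions(dep.version, adv.introduced) >= 0 &&
        compareVersions(dep.version, adv.fixed) < 0;
      if (inRange) {
        hits.push({ name: dep.name, version: dep.version, id: adv.id,
                    severity: adv.severity, fixed: adv.fixed });
      }
    }
  }
  return { hits, skipped };
}

// Constructed sample input: one vulnerable pin, one pin at the fixed version,
// a comment, and an unpinned line that is reported as skipped.
const NPM_SAMPLE = [
  "left-pad-example@1.2.0",
  "@scope/widget-example@2.0.0",
  "# dev tooling",
  "lodash-example",
].join("\n");

const PIP_SAMPLE = [
  "Requests_Example==2.4.0",
  "requests-example>=2.0",
].join("\n");

console.log(JSON.stringify(scan(NPM_SAMPLE, "npm")));
console.log(JSON.stringify(scan(PIP_SAMPLE, "pip")));
```

The `skipped` list is the part a practitioner actually wants: a requirements.txt with `>=` constraints or a package.json with caret ranges resolves to a version only in the lockfile, so paste the lockfile's pins, not the manifest's ranges, or the scanner has nothing to match.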
How should I use the result?
A positive detection is a signal, not a conclusion. Investigate each hit in context; the tool flags what matches known patterns, and a human has to decide whether the match is meaningful for this specific code or configuration.