OSS Security Knowledge Base
Tracking whether popular open-source packages have been security audited. Not just “what went wrong” — but “has anyone looked?”
15 packages tracked
4 audited
11 unaudited

dotnet (1 package)

| Package | Status |
|---|---|
| Newtonsoft.Json | advisory-mapped |

homebrew (1 package)

| Package | Status |
|---|---|
| openssl@3 | baseline stub |

kubernetes (1 package)

| Package | Status |
|---|---|
| kube-apiserver | audit-ingested |

linux (1 package)

| Package | Status |
|---|---|
| openssl | baseline stub |

npm (9 packages)

| Package | Status |
|---|---|
| axios | advisory-mapped |
| express | audit-ingested |
| js-yaml | audit-ingested |
| jsonwebtoken | advisory-mapped |
| koa-router | baseline stub |
| lodash | audit-ingested |
| minimist | advisory-mapped |
| path-to-regexp | unknown |
| semver | advisory-mapped |

python (1 package)

| Package | Status |
|---|---|
| requests | advisory-mapped |

rust (1 package)

| Package | Status |
|---|---|
| serde | baseline stub |