Fix Outdated Python Dependencies PyPI
Scan requirements.txt for CVEs and get a patched version. Fix outdated Python packages with known vulnerabilities — no pip-audit install needed.
⚠ The Problem
Your requirements.txt contains packages with known CVEs. pip list --outdated shows stale packages but doesn't tell you which ones are dangerous.
Bad Configuration — requirements.txt
requests==2.25.1
Django==3.1.0
pillow==8.0.0
Fixed Configuration — requirements.txt
requests==2.31.0
Django==4.2.13
pillow==10.3.0
✓ Fix
requests 2.25.1 is affected by CVE-2023-32681, Django 3.1.0 by multiple CVEs, and Pillow 8.0.0 by CVE-2021-27921. Update to the safe versions above, then run pip install -r requirements.txt to apply the new pins.
Scan your dependencies now — paste your manifest, get a fixed version back in seconds.
Open PackageFix → No signup · No CLI · No GitHub connection · Runs 100% in your browser
Frequently Asked Questions
How do I scan Python requirements.txt for CVEs without pip-audit?
Paste your requirements.txt into PackageFix. It queries the OSV database live — no CLI install needed.
Does PackageFix support poetry.lock?
Yes. Drop poetry.lock alongside requirements.txt for full transitive dependency scanning.
What is the OSV database?
OSV is the Open Source Vulnerabilities database, maintained by Google. It aggregates CVEs from NVD, the GitHub Advisory Database, and ecosystem-specific sources, and is updated daily.
How do I fix unpinned Python dependencies?
PackageFix flags requirements like 'requests' (no version) as unpinned. Pin to the latest safe version: requests==2.31.0.
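The scan described above (parse the manifest, look pinned versions up in OSV, flag unpinned entries) can be reproduced in a few lines of plain Python. This is an added example, not PackageFix's own code: it parses a constructed requirements.txt, builds the request body for OSV's public querybatch endpoint, and joins a constructed stand-in response back to the packages. The advisory ids in the sample response are made up; a real response carries OSV ids, which you resolve to CVEs such as the ones named above via the OSV record itself.

```python
import re

# Constructed manifest: the page's "bad configuration" plus one unpinned line.
SAMPLE_REQUIREMENTS = """\
requests==2.25.1
Django==3.1.0
pillow==8.0.0   # inline comment
flask
"""

# Constructed stand-in for an OSV querybatch response (real ids are PYSEC-/GHSA-
# style); results come back in the same order as the queries sent.
SAMPLE_OSV_RESULTS = [
    {"vulns": [{"id": "CONSTRUCTED-0001"}]},                              # requests 2.25.1
    {"vulns": [{"id": "CONSTRUCTED-0002"}, {"id": "CONSTRUCTED-0003"}]},  # Django 3.1.0
    {"vulns": [{"id": "CONSTRUCTED-0004"}]},                              # pillow 8.0.0
]

# name, optional [extras], optional exact pin; any other specifier counts as unpinned
REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*(?:==\s*([^\s;]+))?")

def parse_requirements(text):
    """Return [(name, version_or_None)]; only exact '==' pins count as pinned."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments and blank lines
        if not line or line.startswith("-"):   # skip options such as -r / -e
            continue
        m = REQ_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def build_osv_querybatch(entries):
    """Body for POST https://api.osv.dev/v1/querybatch; unpinned entries have no
    version to look up and are left out."""
    return {"queries": [{"package": {"name": n, "ecosystem": "PyPI"}, "version": v}
                        for n, v in entries if v]}

def triage(entries, results):
    """Join querybatch results back to the pinned entries they were sent for."""
    pinned = [e for e in entries if e[1]]
    vulnerable = {}
    for (name, version), res in zip(pinned, results):
        ids = [v["id"] for v in res.get("vulns", [])]
        if ids:
            vulnerable[f"{name}=={version}"] = ids
    return {"vulnerable": vulnerable,
            "unpinned": [n for n, v in entries if v is None]}
```

To run it against live data, POST the output of build_osv_querybatch as JSON to the querybatch endpoint and pass the returned "results" list to triage; an unpinned entry is reported separately because there is no version to check.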