Dangerous Packages

BinComp Dashboard →

Python packages ranked by binary-level compound risk. Risk combines ROP gadget count, missing hardening (partial RELRO, no canary, no FORTIFY), unsafe libc calls, and known CVEs against the package or its bundled shared libraries.

474

Scanned Packages

114,462.0

Total Gadgets

61,328.0

GOT Entries

894.0

Binaries Scanned

255.7

Avg Compound Risk

Hardening Grade Distribution

B: 1C: 5D: 16F: 65N: 387

Sort: Risk Gadgets GOT Grade

Per-row analysis by Repobility · https://repobility.com
#	Package	Grade	Compound Risk	Gadgets	GOT	Bins	Unsafe Calls	R/C/F	Size
Repobility — the code-quality scanner for AI-generated software · https://repobility.com
1	pillow 12.2.0	F	12554.2	7,101	521	26	14	2/1/1	17.4 MB
2	urllib3 2.6.3	N	11455.3	0	0	0	0	0/0/0	0.0 MB
3	transformers 5.5.3	N	10146.5	0	0	0	0	0/0/0	0.0 MB
4	aiohttp 3.13.5	F	8061.4	354	143	4	0	0/0/0	5.3 MB
5	cryptography 46.0.7	D	7302.1	2,147	184	1	5	1/0/0	12.2 MB
6	fastmcp 3.2.4	N	5776.0	0	0	0	0	0/0/0	0.0 MB
7	semver 3.0.4	N	5565.0	0	0	0	0	0/0/0	0.0 MB
8	litellm 1.83.7	N	5510.8	0	0	0	0	0/0/0	0.0 MB
9	langchain-core 1.2.28	N	5427.6	0	0	0	0	0/0/0	0.0 MB
10	torch 2.11.0	F	5116.6	1,257	20,841	13	17	1/4/1	954.1 MB
11	nltk 3.9.4	N	4931.7	0	0	0	0	0/0/0	0.0 MB
12	authlib 1.6.9	N	4609.5	0	0	0	0	0/0/0	0.0 MB
13	jinja2 3.1.6	N	4187.0	0	0	0	0	0/0/0	0.0 MB
14	requests 2.33.1	N	3687.0	0	0	0	0	0/0/0	0.0 MB
15	langsmith 0.7.31	N	2115.7	0	0	0	0	0/0/0	0.0 MB
16	gunicorn 25.3.0	N	2072.4	0	0	0	0	0/0/0	0.0 MB
17	pygments 2.20.0	N	2032.8	0	0	0	0	0/0/0	0.0 MB
18	black 26.3.1	F	1959.8	992	837	30	0	0/0/0	4.7 MB
19	pyjwt 2.12.1	N	1770.0	0	0	0	0	0/0/0	0.0 MB
20	python-multipart 0.0.26	N	1658.9	0	0	0	0	0/0/0	0.0 MB
21	starlette 1.0.0	N	1608.0	0	0	0	0	0/0/0	0.0 MB
22	notebook 7.5.5	N	1006.9	0	0	0	0	0/0/0	0.0 MB
23	mcp 1.27.0	N	971.5	0	0	0	0	0/0/0	0.0 MB
24	werkzeug 3.1.8	N	865.8	0	0	0	0	0/0/0	0.0 MB
25	anthropic 0.95.0	N	846.6	0	0	0	0	0/0/0	0.0 MB
26	markdown 3.10.2	N	787.5	0	0	0	0	0/0/0	0.0 MB
27	ipython 9.12.0	N	738.0	0	0	0	0	0/0/0	0.0 MB
28	json5 0.14.0	N	724.2	0	0	0	0	0/0/0	0.0 MB
29	protobuf 7.34.1	F	658.5	239	27	1	1	0/0/0	0.4 MB
30	nbconvert 7.17.1	N	631.7	0	0	0	0	0/0/0	0.0 MB
31	flask 3.1.3	N	574.2	0	0	0	0	0/0/0	0.0 MB
32	tornado 6.5.5	F	561.8	5	4	1	0	0/0/0	0.0 MB
33	h11 0.16.0	N	546.0	0	0	0	0	0/0/0	0.0 MB
34	brotli 1.2.0	F	465.0	349	12	1	0	0/0/0	4.9 MB
35	h2 4.3.0	N	457.5	0	0	0	0	0/0/0	0.0 MB
36	jupyter-core 5.9.1	N	403.9	0	0	0	0	0/0/0	0.0 MB
37	pyasn1 0.6.3	N	382.5	0	0	0	0	0/0/0	0.0 MB
38	filelock 3.25.2	N	342.0	0	0	0	0	0/0/0	0.0 MB
39	orjson 3.11.8	D	336.6	215	84	1	0	1/0/0	0.2 MB
40	marshmallow 4.3.0	N	265.0	0	0	0	0	0/0/0	0.0 MB
41	pymysql 1.1.2	N	264.6	0	0	0	0	0/0/0	0.0 MB
42	pymongo 4.16.0	F	263.2	413	128	8	0	0/0/0	2.9 MB
43	rsa 4.9.1	N	224.0	0	0	0	0	0/0/0	0.0 MB
44	pymupdf 1.27.2.2	F	188.8	2,467	856	4	6	0/1/0	50.4 MB
45	fonttools 4.62.1	F	144.9	667	235	6	0	0/0/0	10.7 MB
46	virtualenv 21.2.1	N	126.0	0	0	0	0	0/0/0	0.0 MB
47	zipp 3.23.0	N	124.0	0	0	0	0	0/0/0	0.0 MB
48	jaraco-context 6.1.2	N	120.4	0	0	0	0	0/0/0	0.0 MB
49	deepdiff 9.0.0	N	106.9	0	0	0	0	0/0/0	0.0 MB
50	pip 24.0	N	100.3	0	0	0	0	0/0/0	0.0 MB
51	pyopenssl 26.0.0	N	96.0	0	0	0	0	0/0/0	0.0 MB
52	pydantic-ai-slim 1.80.0	N	86.0	0	0	0	0	0/0/0	0.0 MB
53	ray 2.55.0	F	58.9	935	6,694	11	7	2/2/2	50.0 MB
54	dbt-core 1.11.8	N	53.0	0	0	0	0	0/0/0	0.0 MB
55	bcrypt 5.0.0	D	48.0	363	119	1	1	1/0/0	0.6 MB
56	sentry-sdk 2.57.0	N	35.0	0	0	0	0	0/0/0	0.0 MB
57	pynacl 1.6.2	C	22.5	357	6	1	0	0/1/1	3.5 MB
58	azure-core 1.39.0	N	15.0	0	0	0	0	0/0/0	0.0 MB
59	poetry 2.3.4	N	13.6	0	0	0	0	0/0/0	0.0 MB
60	uv 0.11.6	N	2.1	0	0	0	0	0/0/0	0.0 MB
61	google-api-core 2.30.3	N	0.0	0	0	0	0	0/0/0	0.0 MB
62	markdown-it-py 4.0.0	N	0.0	0	0	0	0	0/0/0	0.0 MB
63	anyio 4.13.0	N	0.0	0	0	0	0	0/0/0	0.0 MB
64	uvicorn 0.44.0	N	0.0	0	0	0	0	0/0/0	0.0 MB
65	google-auth 2.49.2	N	0.0	0	0	0	0	0/0/0	0.0 MB
66	pydantic-core 2.45.0	D	0.0	1,321	207	1	1	1/0/0	4.5 MB
67	python-dateutil 2.9.0.post0	N	0.0	0	0	0	0	0/0/0	0.0 MB
68	multidict 6.7.1	F	0.0	40	18	1	0	0/0/0	0.8 MB
69	yarl 1.23.0	F	0.0	89	36	1	0	0/0/0	0.1 MB
70	jsonschema 4.26.0	N	0.0	0	0	0	0	0/0/0	0.0 MB
71	attrs 26.1.0	N	0.0	0	0	0	0	0/0/0	0.0 MB
72	aiobotocore 3.4.0	N	0.0	0	0	0	0	0/0/0	0.0 MB
73	rich 14.3.4	N	0.0	0	0	0	0	0/0/0	0.0 MB
74	click 8.3.2	N	0.0	0	0	0	0	0/0/0	0.0 MB
75	pytz 2026.1.post1	N	0.0	0	0	0	0	0/0/0	0.0 MB
76	botocore 1.42.88	N	0.0	0	0	0	0	0/0/0	0.0 MB
77	httpcore 1.0.9	N	0.0	0	0	0	0	0/0/0	0.0 MB
78	python-dotenv 1.2.2	N	0.0	0	0	0	0	0/0/0	0.0 MB
79	s3transfer 0.16.0	N	0.0	0	0	0	0	0/0/0	0.0 MB
80	typing-inspection 0.4.2	N	0.0	0	0	0	0	0/0/0	0.0 MB
81	cachetools 7.0.5	N	0.0	0	0	0	0	0/0/0	0.0 MB
82	httpx 0.28.1	N	0.0	0	0	0	0	0/0/0	0.0 MB
83	pluggy 1.6.0	N	0.0	0	0	0	0	0/0/0	0.0 MB
84	idna 3.11	N	0.0	0	0	0	0	0/0/0	0.0 MB
85	setuptools 82.0.1	N	0.0	0	0	0	0	0/0/0	0.0 MB
86	tenacity 9.1.4	N	0.0	0	0	0	0	0/0/0	0.0 MB
87	aiohappyeyeballs 2.6.1	N	0.0	0	0	0	0	0/0/0	0.0 MB
88	pathspec 1.0.4	N	0.0	0	0	0	0	0/0/0	0.0 MB
89	pydantic 2.12.5	N	0.0	0	0	0	0	0/0/0	0.0 MB
90	pyparsing 3.3.2	N	0.0	0	0	0	0	0/0/0	0.0 MB
91	pyarrow 23.0.1	F	0.0	8,505	4,660	37	17	0/4/4	132.9 MB
92	opentelemetry-api 1.41.0	N	0.0	0	0	0	0	0/0/0	0.0 MB
93	requests-oauthlib 2.0.0	N	0.0	0	0	0	0	0/0/0	0.0 MB
94	annotated-doc 0.0.4	N	0.0	0	0	0	0	0/0/0	0.0 MB
95	sqlalchemy 2.0.49	F	0.0	376	160	5	0	0/0/0	4.8 MB
96	regex 2026.4.4	F	0.0	216	22	1	0	0/0/0	2.5 MB
97	psutil 7.2.2	F	0.0	19	16	1	1	0/0/0	0.1 MB
98	opentelemetry-semantic-conventions 0.62b0	N	0.0	0	0	0	0	0/0/0	0.0 MB
99	hatchling 1.29.0	N	0.0	0	0	0	0	0/0/0	0.0 MB
100	importlib-metadata 9.0.0	N	0.0	0	0	0	0	0/0/0	0.0 MB

Data from the BinComp PyPI crawler. One row per (package, version). The crawler runs continuously and grows this list over time.