Colosseum

Open Source Security Reports

In-depth security analysis of popular Python projects. See what traditional scanners like Bandit and Semgrep miss.

zen (5 stars, Go, grade A)
A worktree orchestrator for AI-assisted PR reviews and feature work with Claude Code.
Total findings: 197; unique to Colosseum vs Bandit + Semgrep: 197

markitdown (87K stars, Python, grade B)
Python tool for converting files and office documents to Markdown.
Total findings: 2,108; unique to Colosseum vs Bandit + Semgrep: 2,108

pybroker (3.2K stars, Python, grade A)
Algorithmic Trading in Python with Machine Learning
Total findings: 1,692; unique to Colosseum vs Bandit + Semgrep: 1,692

whisper (95K stars, Python, grade B)
Robust Speech Recognition via Large-Scale Weak Supervision
Total findings: 888; unique to Colosseum vs Bandit + Semgrep: 888

click (17K stars, Python, grade A)
Python composable command line interface toolkit
Total findings: 1,272; unique to Colosseum vs Bandit + Semgrep: 1,272

requests (54K stars, Python, grade A)
A simple, yet elegant, HTTP library.
Total findings: 658; unique to Colosseum vs Bandit + Semgrep: 658

flask (71K stars, Python, grade A)
The Python micro framework for building web applications.
Total findings: 866; unique to Colosseum vs Bandit + Semgrep: 866

cli (38K stars, Python, grade A)
HTTPie CLI - modern, user-friendly command-line HTTP client for the API era.
Total findings: 958; unique to Colosseum vs Bandit + Semgrep: 958

koalixcrm (576 stars, Python, grade B)
Open Source Python CRM and ERP based on Django
Total findings: 1,204; unique to Colosseum vs Bandit + Semgrep: 1,204

rq (11K stars, Python, grade B)
Simple job queues for Python
Total findings: 1,694; unique to Colosseum vs Bandit + Semgrep: 1,694

fail2ban (17K stars, Python, grade B)
Daemon to ban hosts that cause multiple authentication errors
Total findings: 2,462; unique to Colosseum vs Bandit + Semgrep: 2,462

bitcart (889 stars, Python, grade A)
Free and open-source self-hosted payment processor for BTC, LTC, BCH, XMR, ETH, TRX, USDT and more
Total findings: 1,862; unique to Colosseum vs Bandit + Semgrep: 1,862

social-core (904 stars, Python, grade C)
Python Social Auth - Core
Total findings: 4,816; unique to Colosseum vs Bandit + Semgrep: 4,816

Flask-AppBuilder (4.9K stars, Python, grade D)
Simple and rapid application development framework, built on top of Flask.
Total findings: 13,589; unique to Colosseum vs Bandit + Semgrep: 13,589

paramiko (9.7K stars, Python, grade B)
The leading native Python SSHv2 protocol library.
Total findings: 3,387; unique to Colosseum vs Bandit + Semgrep: 3,387

transformers (156K stars, Python, grade F)
State-of-the-art machine learning framework for text, vision, audio, and multimodal models — inference and training.
Total findings: 24,183; unique to Colosseum vs Bandit + Semgrep: 24,183

tweepy (11K stars, Python, grade F)
Twitter for Python!
Total findings: 1,190; unique to Colosseum vs Bandit + Semgrep: 1,190

OpenClaw (157K stars, TypeScript, grade C)
Open-source AI personal assistant with 157K GitHub stars. Supports WhatsApp, Telegram, Slack, Discord, and more. Built by the creator of PSPDFKit.
Total findings: 219; unique to Colosseum vs Bandit + Semgrep: 216

OpenHands (68K stars, Python, grade D)
AI-powered coding agent that can write code, run commands, and browse the web.
Total findings: 17,227; unique to Colosseum vs Bandit + Semgrep: 17,187

langflow (144K stars, Python, grade D)
A visual framework for building multi-agent and RAG applications.
Total findings: 22,692; unique to Colosseum vs Bandit + Semgrep: 22,657

About These Reports

These reports demonstrate deep code analysis on real-world open source projects. Each scan identifies security vulnerabilities, code quality issues, performance bottlenecks, and architectural concerns — then compares results side-by-side against traditional tools like Bandit and Semgrep.

The goal is transparency: show exactly what gets found, what traditional tools miss, and why modern analysis techniques matter for production Python codebases.
