Tracking security updates for all the dependencies of a project can quickly become tedious. Thankfully we are doing the work for you, so that you can focus on your project instead of tracking changelogs.

Security advisories are tracked through several means: changelogs, the CVE database, and manual monitoring of packages that had vulnerabilities disclosed. We confirm each advisory manually, so it can take a handful of hours for notifications to be sent.

You can check the status of the manual monitoring with this badge:
Security Status


Directives are simple snippets of code that you can add to your requirements files to alter behavior. For now these directives work only on requirements.txt files (not tox.ini or files).


The filter directive allows you to filter PyPI releases before matching them to your requirements.

For example, let's say that you want to use the Long Term Support version of Django. Currently it's Django 1.11, so you can just add a filter to check your requirements against the 1.11 releases of Django:

django==1.11.15  # rq.filter: >=1.11,<1.12

You will then see your requirement as up-to-date... until Django 1.11.16 is released.

You can also filter out a single release of a package with a known bug, like this:

pytest==2.8.5  # rq.filter: !=2.8.6
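The following sketch shows how a filter changes the up-to-date result for the two lines above. It is an added example, not this service's own code. The function names and release lists are constructed for illustration, and it assumes plain dotted numeric versions with the operators ==, !=, >=, <=, > and <.

```python
import operator
import re

OPS = {"==": operator.eq, "!=": operator.ne, ">=": operator.ge,
       "<=": operator.le, ">": operator.gt, "<": operator.lt}
LINE_RE = re.compile(r"^\s*([A-Za-z0-9._-]+)==([0-9.]+)\s*(?:#\s*rq\.filter:\s*(.+))?$")
CLAUSE_RE = re.compile(r"^(==|!=|>=|<=|>|<)\s*([0-9.]+)$")
# Constructed sample release list (not fetched from PyPI).
DJANGO_RELEASES = ["1.11.14", "1.11.15", "2.0.8", "2.1"]

def vkey(version):
    """Turn '1.11.15' into (1, 11, 15) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))

def padded(a, b):
    """Pad two version keys with zeros so (1, 12) compares like (1, 12, 0)."""
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)), b + (0,) * (width - len(b))

def parse_line(line):
    """Return (name, pinned_version, [(op, version), ...]) for one requirement line."""
    match = LINE_RE.match(line)
    if not match:
        raise ValueError(f"unsupported requirement line: {line!r}")
    name, pinned, spec = match.groups()
    clauses = []
    for clause in (spec or "").split(","):
        if clause.strip():
            m = CLAUSE_RE.match(clause.strip())
            if not m:
                raise ValueError(f"unsupported filter clause: {clause!r}")
            clauses.append(m.groups())
    return name, pinned, clauses

def allowed(version, clauses):
    """True when the release satisfies every clause of the filter."""
    return all(OPS[op](*padded(vkey(version), vkey(bound))) for op, bound in clauses)

def status(line, releases):
    """Compare the pin with the newest release that survives the filter."""
    name, pinned, clauses = parse_line(line)
    kept = [r for r in releases if allowed(r, clauses)]
    latest = max(kept, key=vkey) if kept else None
    return name, latest, (latest is not None and vkey(pinned) >= vkey(latest))
```

With the filter in place, the 2.x releases never count toward the out-of-date status, so the range needs revisiting when the supported release line changes.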

Badges provides badges to track project status. These sleek-looking badges were generated using the awesome

Example: badge for the celery project:

Old "plastic" style: