Pypip packages. Their vulnerabilities and dependencies

This dataset is built from two key sources: the PyPi JSON Data repository and the Python Packaging Advisory Database. It aims to support the study of supply chain attacks in the PyPi ecosystem for a university project. The PyPi JSON Data provides detailed metadata on Python packages, including their names, dependencies, and basic vulnerability information. Meanwhile, the Python Packaging Advisory Database offers security alerts, linking packages to known vulnerabilities through CVE identifiers. The goal of this dataset is to simplify the analysis of supply chain attacks, where vulnerabilities in one package can propagate through dependencies, potentially affecting thousands of users. To keep the focus on broader patterns, package versions are not tracked—a decision that reduces complexity and allows for a more accessible study of how vulnerabilities spread throughout the ecosystem. By combining package metadata and security data, this dataset offers a powerful tool for examining risks within the PyPi ecosystem, supporting research into one of today's most significant challenges in software security.