
Tuesday, June 28, 2022

Python 3.7.13 : About pip-audit version 2.3.4.

More information about this Python package can be found here.
pip-audit is a tool for scanning Python environments for packages with known vulnerabilities. It uses the Python Packaging Advisory Database (via the PyPI JSON API) as a source of vulnerability reports.
I tested this package's features in Google Colab with these Python packages: unionml, pandas, sklearn and pip-audit.
You can see all the vulnerabilities, or use the --desc argument for more information:
- Auditing zipp (3.8.0)
Found 54 known vulnerabilities in 14 packages
Name          Version  ID                  Fix Versions
------------- -------- ------------------- ----------------------------
dask          2.12.0   PYSEC-2021-387      2021.10.0
distributed   1.25.3   GHSA-j8fq-86c5-5v2r 2021.10.0
httplib2      0.17.4   PYSEC-2020-46       0.18.0
httplib2      0.17.4   PYSEC-2021-16       0.19.0
ipython       5.5.0    PYSEC-2022-12       6.0.0rc1,7.16.3,7.31.1,8.0.1
lxml          4.2.6    PYSEC-2021-19       4.6.3
lxml          4.2.6    PYSEC-2020-62       4.6.2
lxml          4.2.6    PYSEC-2021-852      4.6.5
mpmath        1.2.1    PYSEC-2021-427
notebook      5.3.1    PYSEC-2018-18       5.7.2
notebook      5.3.1    PYSEC-2019-158      5.7.8
notebook      5.3.1    PYSEC-2018-57       5.4.1
notebook      5.3.1    PYSEC-2018-17       5.7.1
notebook      5.3.1    PYSEC-2019-159      5.7.6
notebook      5.3.1    PYSEC-2019-157      5.5.0
notebook      5.3.1    PYSEC-2020-215      6.1.5
notebook      5.3.1    PYSEC-2022-180      6.4.10
notebook      5.3.1    PYSEC-2022-212      6.4.12
notebook      5.3.1    GHSA-hwvq-6gjx-j797 5.7.11,6.4.1
notebook      5.3.1    GHSA-rv62-4pmj-xw6h 5.7.8
numpy         1.21.6   GHSA-fpfv-jqm9-f5jm 1.22
opencv-python GHSA-8849-5h85-98qw
opencv-python GHSA-m6vm-8g8v-xfjh
opencv-python GHSA-q799-q27x-vp7w
pillow        7.1.2    PYSEC-2021-137      8.2.0
pillow        7.1.2    PYSEC-2021-138      8.2.0
pillow        7.1.2    PYSEC-2021-70       8.1.0
pillow        7.1.2    PYSEC-2021-331      8.3.0
pillow        7.1.2    PYSEC-2021-41       8.1.1
pillow        7.1.2    PYSEC-2021-71       8.1.0
pillow        7.1.2    PYSEC-2021-69       8.1.0
pillow        7.1.2    PYSEC-2021-38       8.1.1
pillow        7.1.2    PYSEC-2021-139      8.2.0
pillow        7.1.2    PYSEC-2021-94       8.2.0
pillow        7.1.2    PYSEC-2021-39       8.1.1
pillow        7.1.2    PYSEC-2021-36       8.1.1
pillow        7.1.2    PYSEC-2021-40       8.1.1
pillow        7.1.2    PYSEC-2021-37       8.1.1
pillow        7.1.2    PYSEC-2021-317      8.3.2
pillow        7.1.2    PYSEC-2021-35       8.1.1
pillow        7.1.2    PYSEC-2021-93       8.2.0
pillow        7.1.2    PYSEC-2021-42       8.1.1
pillow        7.1.2    PYSEC-2021-92       8.2.0
pillow        7.1.2    PYSEC-2022-10       9.0.0
pillow        7.1.2    PYSEC-2022-9        9.0.0
pillow        7.1.2    PYSEC-2022-8        9.0.0
pillow        7.1.2    PYSEC-2022-168      9.0.1
pillow        7.1.2    GHSA-jgpv-4h4c-xhw3 8.1.2
pillow        7.1.2    GHSA-4fx9-vc88-q2xc 9.0.0
psutil        5.4.8    PYSEC-2019-41       5.6.6
pygments      2.6.1    PYSEC-2021-140      2.7.4
pygments      2.6.1    PYSEC-2021-141      2.7.4
urllib3       1.25.11  PYSEC-2021-108      1.26.5
werkzeug      1.0.1    PYSEC-2022-203      2.1.1
Name                    Skip Reason
----------------------- ------------------------------------------------------------------------------------------------
dlib                    Dependency not found on PyPI and could not be audited: dlib (19.18.0+zzzcolab20220513001918)
en-core-web-sm          Dependency not found on PyPI and could not be audited: en-core-web-sm (3.3.0)
jaxlib                  Dependency not found on PyPI and could not be audited: jaxlib (0.3.7+cuda11.cudnn805)
pygobject               Dependency not found on PyPI and could not be audited: pygobject (3.26.1)
screen-resolution-extra Dependency not found on PyPI and could not be audited: screen-resolution-extra (0.0.0)
tensorflow              Dependency not found on PyPI and could not be audited: tensorflow (2.8.2+zzzcolab20220527125636)
torch                   Dependency not found on PyPI and could not be audited: torch (1.11.0+cu113)
torchaudio              Dependency not found on PyPI and could not be audited: torchaudio (0.11.0+cu113)
torchvision             Dependency not found on PyPI and could not be audited: torchvision (0.12.0+cu113)
xkit                    Dependency not found on PyPI and could not be audited: xkit (0.0.0)
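As an added example (not code from this post or from the pip-audit project), the script below parses the text table that pip-audit prints, as shown above, and works out for each package the smallest upgrade that clears every advisory reported against it. The sample lines are constructed from the output in this post; the version ordering is a simplified PEP 440 comparison written for this example, which is an assumption rather than pip-audit's own logic.

```python
"""Parse pip-audit's text table and compute, per package, the smallest
upgrade that clears every reported advisory.

Added example, not part of pip-audit; the sample lines are constructed
from the audit output shown in the post."""
import re
from typing import Dict, List, Optional

# Constructed sample: a subset of the rows pip-audit printed in the post.
SAMPLE_OUTPUT = """\
Name          Version  ID                  Fix Versions
------------- -------- ------------------- ----------------------------
ipython       5.5.0    PYSEC-2022-12       6.0.0rc1,7.16.3,7.31.1,8.0.1
mpmath        1.2.1    PYSEC-2021-427
notebook      5.3.1    PYSEC-2018-18       5.7.2
notebook      5.3.1    PYSEC-2022-212      6.4.12
notebook      5.3.1    GHSA-hwvq-6gjx-j797 5.7.11,6.4.1
pillow        7.1.2    PYSEC-2021-70       8.1.0
pillow        7.1.2    PYSEC-2022-168      9.0.1
"""

_PART = re.compile(r"^(\d+)([A-Za-z].*)?$")


def version_key(version: str) -> tuple:
    """Simplified PEP 440 sort key (assumption: handles release numbers and
    a/b/rc tags; local, post and dev segments are not handled).
    A numeric part with a pre-release suffix sorts below the bare number,
    so 6.0.0rc1 < 6.0.0, and 5.7.11 > 5.7.8 because parts compare as ints."""
    key = []
    for part in version.split("."):
        m = _PART.match(part)
        if not m:  # unparsable segment (e.g. "0+cu113"): treat as pre-release text
            key.append((0, -1, part))
            continue
        num, suffix = int(m.group(1)), m.group(2) or ""
        key.append((num, -1 if suffix else 0, suffix))
    while len(key) < 4:  # pad so that 1.22 == 1.22.0
        key.append((0, 0, ""))
    return tuple(key)


def parse_audit_table(text: str) -> List[Dict]:
    """Turn the 'Name Version ID Fix Versions' table into records.
    Rows with no fix (mpmath above) get an empty fix list; the header,
    the dashed rule and rows lacking a version column are skipped."""
    records = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 3 or cols[0] == "Name" or cols[0].startswith("-"):
            continue
        fixes = cols[3].split(",") if len(cols) > 3 else []
        records.append({"name": cols[0], "version": cols[1], "id": cols[2], "fixes": fixes})
    return records


def required_upgrades(records: List[Dict]) -> Dict[str, Optional[str]]:
    """For each advisory take the smallest fix version above the installed
    one, then per package the largest of those, i.e. the single version
    that clears all advisories. None means at least one advisory has no
    fix version yet, so the package needs manual triage."""
    result: Dict[str, Optional[str]] = {}
    for r in records:
        installed = version_key(r["version"])
        candidates = [f for f in r["fixes"] if version_key(f) > installed]
        target = min(candidates, key=version_key) if candidates else None
        name = r["name"]
        if name not in result:
            result[name] = target
        elif target is None or result[name] is None:
            result[name] = None
        else:
            result[name] = max(result[name], target, key=version_key)
    return result


if __name__ == "__main__":
    for pkg, target in sorted(required_upgrades(parse_audit_table(SAMPLE_OUTPUT)).items()):
        print(f"{pkg:10} -> {target or 'no fix available, triage manually'}")
```

Running it on the sample gives ipython -> 6.0.0rc1, notebook -> 6.4.12, pillow -> 9.0.1 and mpmath -> no fix available. The same parsing applies to the full table above once it is saved to a file; rows such as the opencv-python ones, where the version column is missing, are skipped rather than guessed.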