More information about this Python package can be found here.
pip-audit is a tool for scanning Python environments for packages with known vulnerabilities. It uses the Python Packaging Advisory Database (https://github.com/pypa/advisory-database) via the PyPI JSON API as a source of vulnerability reports.
I tested this package in Google Colab with these Python packages: unionml, pandas, sklearn and pip-audit.
Running pip-audit with no arguments lists all known vulnerabilities; add the --desc argument for more information:
!pip-audit
- Auditing zipp (3.8.0)
Found 54 known vulnerabilities in 14 packages
Name Version ID Fix Versions
------------- -------- ------------------- ----------------------------
dask 2.12.0 PYSEC-2021-387 2021.10.0
distributed 1.25.3 GHSA-j8fq-86c5-5v2r 2021.10.0
httplib2 0.17.4 PYSEC-2020-46 0.18.0
httplib2 0.17.4 PYSEC-2021-16 0.19.0
ipython 5.5.0 PYSEC-2022-12 6.0.0rc1,7.16.3,7.31.1,8.0.1
lxml 4.2.6 PYSEC-2021-19 4.6.3
lxml 4.2.6 PYSEC-2020-62 4.6.2
lxml 4.2.6 PYSEC-2021-852 4.6.5
mpmath 1.2.1 PYSEC-2021-427
notebook 5.3.1 PYSEC-2018-18 5.7.2
notebook 5.3.1 PYSEC-2019-158 5.7.8
notebook 5.3.1 PYSEC-2018-57 5.4.1
notebook 5.3.1 PYSEC-2018-17 5.7.1
notebook 5.3.1 PYSEC-2019-159 5.7.6
notebook 5.3.1 PYSEC-2019-157 5.5.0
notebook 5.3.1 PYSEC-2020-215 6.1.5
notebook 5.3.1 PYSEC-2022-180 6.4.10
notebook 5.3.1 PYSEC-2022-212 6.4.12
notebook 5.3.1 GHSA-hwvq-6gjx-j797 5.7.11,6.4.1
notebook 5.3.1 GHSA-rv62-4pmj-xw6h 5.7.8
numpy 1.21.6 GHSA-fpfv-jqm9-f5jm 1.22
opencv-python 4.1.2.30 GHSA-8849-5h85-98qw
opencv-python 4.1.2.30 GHSA-m6vm-8g8v-xfjh
opencv-python 4.1.2.30 GHSA-q799-q27x-vp7w 4.2.0.32
pillow 7.1.2 PYSEC-2021-137 8.2.0
pillow 7.1.2 PYSEC-2021-138 8.2.0
pillow 7.1.2 PYSEC-2021-70 8.1.0
pillow 7.1.2 PYSEC-2021-331 8.3.0
pillow 7.1.2 PYSEC-2021-41 8.1.1
pillow 7.1.2 PYSEC-2021-71 8.1.0
pillow 7.1.2 PYSEC-2021-69 8.1.0
pillow 7.1.2 PYSEC-2021-38 8.1.1
pillow 7.1.2 PYSEC-2021-139 8.2.0
pillow 7.1.2 PYSEC-2021-94 8.2.0
pillow 7.1.2 PYSEC-2021-39 8.1.1
pillow 7.1.2 PYSEC-2021-36 8.1.1
pillow 7.1.2 PYSEC-2021-40 8.1.1
pillow 7.1.2 PYSEC-2021-37 8.1.1
pillow 7.1.2 PYSEC-2021-317 8.3.2
pillow 7.1.2 PYSEC-2021-35 8.1.1
pillow 7.1.2 PYSEC-2021-93 8.2.0
pillow 7.1.2 PYSEC-2021-42 8.1.1
pillow 7.1.2 PYSEC-2021-92 8.2.0
pillow 7.1.2 PYSEC-2022-10 9.0.0
pillow 7.1.2 PYSEC-2022-9 9.0.0
pillow 7.1.2 PYSEC-2022-8 9.0.0
pillow 7.1.2 PYSEC-2022-168 9.0.1
pillow 7.1.2 GHSA-jgpv-4h4c-xhw3 8.1.2
pillow 7.1.2 GHSA-4fx9-vc88-q2xc 9.0.0
psutil 5.4.8 PYSEC-2019-41 5.6.6
pygments 2.6.1 PYSEC-2021-140 2.7.4
pygments 2.6.1 PYSEC-2021-141 2.7.4
urllib3 1.25.11 PYSEC-2021-108 1.26.5
werkzeug 1.0.1 PYSEC-2022-203 2.1.1
Name Skip Reason
----------------------- ------------------------------------------------------------------------------------------------
dlib Dependency not found on PyPI and could not be audited: dlib (19.18.0+zzzcolab20220513001918)
en-core-web-sm Dependency not found on PyPI and could not be audited: en-core-web-sm (3.3.0)
jaxlib Dependency not found on PyPI and could not be audited: jaxlib (0.3.7+cuda11.cudnn805)
pygobject Dependency not found on PyPI and could not be audited: pygobject (3.26.1)
screen-resolution-extra Dependency not found on PyPI and could not be audited: screen-resolution-extra (0.0.0)
tensorflow Dependency not found on PyPI and could not be audited: tensorflow (2.8.2+zzzcolab20220527125636)
torch Dependency not found on PyPI and could not be audited: torch (1.11.0+cu113)
torchaudio Dependency not found on PyPI and could not be audited: torchaudio (0.11.0+cu113)
torchvision Dependency not found on PyPI and could not be audited: torchvision (0.12.0+cu113)
xkit Dependency not found on PyPI and could not be audited: xkit (0.0.0)
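A triage step for a report like the one above, as an added example that is not part of the original post: it reads pip-audit's JSON output (`pip-audit --format json`) and separates packages that have an upgrade target from advisories with no fix version and from packages that were skipped and so remain unaudited. The `dependencies`/`vulns`/`fix_versions`/`skip_reason` field names are the assumed schema, the sample rows are copied from the table above, and `version_key` and `triage` are hypothetical helper names.

```python
import json
import re

# Constructed sample in the shape of `pip-audit --format json` output
# (assumed schema); the rows are copied from the table above.
SAMPLE = json.dumps({"dependencies": [
    {"name": "notebook", "version": "5.3.1", "vulns": [
        {"id": "PYSEC-2022-212", "fix_versions": ["6.4.12"]},
        {"id": "GHSA-hwvq-6gjx-j797", "fix_versions": ["5.7.11", "6.4.1"]}]},
    {"name": "opencv-python", "version": "4.1.2.30", "vulns": [
        {"id": "GHSA-8849-5h85-98qw", "fix_versions": []},
        {"id": "GHSA-q799-q27x-vp7w", "fix_versions": ["4.2.0.32"]}]},
    {"name": "mpmath", "version": "1.2.1", "vulns": [
        {"id": "PYSEC-2021-427", "fix_versions": []}]},
    {"name": "zipp", "version": "3.8.0", "vulns": []},
    {"name": "torch", "skip_reason": "Dependency not found on PyPI and "
     "could not be audited: torch (1.11.0+cu113)"},
]})


def version_key(version):
    """Numeric sort key; pre-release suffixes such as 'rc1' are ignored."""
    parts = [re.match(r"\d+", p) for p in version.split(".")]
    return tuple(int(m.group()) if m else 0 for m in parts)


def triage(report_json):
    """Split a report into upgrade targets, unfixed advisories and skips."""
    data = json.loads(report_json)
    # Older pip-audit releases emitted a bare list instead of an object.
    deps = data["dependencies"] if isinstance(data, dict) else data
    result = {"upgrade": {}, "no_fix": {}, "unaudited": []}
    for dep in deps:
        if "skip_reason" in dep:
            # Not found on PyPI: no advisory lookup happened for this one.
            result["unaudited"].append(dep["name"])
            continue
        fixes = [v for vuln in dep["vulns"] for v in vuln["fix_versions"]]
        if fixes:
            # The highest listed fix is at or past every per-advisory fix.
            result["upgrade"][dep["name"]] = max(fixes, key=version_key)
        unfixed = [v["id"] for v in dep["vulns"] if not v["fix_versions"]]
        if unfixed:
            result["no_fix"][dep["name"]] = unfixed
    return result


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
```

The `unaudited` list matters as much as the findings: a skipped package such as torch was never checked, so its absence from the vulnerability table says nothing about whether it is affected.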