Pip-audit: Google-backed tool probes Python environments for vulnerable packages
Pip-audit leverages the PyPI JSON API to compare dependencies against the Python Packaging Advisory Database – a repository of security advisories that collects much of its data from the NVD CVE feed.
