pip-audit

PyPI

Is pip-audit safe to use?

The latest brin safety scan flagged pip-audit v2.10.0 with risk indicators that warrant review. No known CVE vulnerabilities. Trust score: 85/100. Review the findings below before use. This is an automated assessment and may contain errors.


pip-audit Has Warnings

Warnings detected due to potential concerns

  • CVEs: 0
  • Threats: 0
  • Install Scripts: 0

Risk Indicators

  • Package can spawn child processes

brin Recommendations

  • This package has warnings detected. Evaluate the specific concerns before proceeding.

Install with brin add pip-audit to automatically apply these checks before installation.

This is an automated, point-in-time assessment and may contain errors. Findings are risk indicators, not confirmed threats. Security posture may change over time. Maintainers can dispute findings via the brin review process.

pip-audit Capabilities & Permissions

What pip-audit can access when installed. Review these capabilities before using with AI agents like Cursor, Claude Code, or Codex.

Network Access

This package makes network requests.

advisories.ecosyste.ms, api.osv.dev, ecosyste.ms, github.com, osv.dev, pip-tools.readthedocs.io, pypi.org, status.python.org, warehouse.pypa.io, www.python.org
Protocols: https

Filesystem Access

Reads and writes to the filesystem.

.env (rw), setup.py (rw), pyproject.toml (rw), requirements.txt (rw), /tmp/ (rw)

Process Spawning

This package can spawn child processes.

Environment Variables

Accesses the following environment variables.

PIPAPI_PYTHON_LOCATION, PIP_AUDIT_DESC, PIP_AUDIT_FORMAT, PIP_AUDIT_LOGLEVEL, PIP_AUDIT_OSV_URL, PIP_AUDIT_OUTPUT, PIP_AUDIT_PROGRESS_SPINNER, PIP_AUDIT_VULNERABILITY_SERVICE, PIP_NO_CACHE_DIR, VIRTUAL_ENV

AGENTS.md for pip-audit

Good instructions lead to good results. brin adds pip-audit documentation to your AGENTS.md so your agent knows how to use it properly—improving both safety and performance.

brin init

Vercel's research: 100% accuracy with AGENTS.md vs 53% without

pip-audit Documentation & Source Code

For the full pip-audit README, API documentation, and source code, visit the official package registry.


  • Weekly Downloads: 1.2M
  • Version: 2.10.0
  • Last Scanned: Feb 5, 2026
  • Trust Score: 85/100 (legitimacy signals, not safety)

