pip-audit
https://pypi.org/project/pip-audit/
a tool for scanning Python environments for packages with known vulnerabilities.
https://github.com/pypa/advisory-database
from
https://warehouse.pypa.io/api-reference/json.html
(
GETしてvulnerabilitiesを知る
ことができる)