#archlinux #security

bin+lib arch-audit

A utility like pkg-audit for Arch Linux based on Arch Security Team data

20 releases

0.1.20 Sep 2, 2021
0.1.19 Apr 3, 2021
0.1.17 Feb 17, 2021
0.1.15 Mar 3, 2020
0.1.5 Nov 8, 2016

#2073 in Command line utilities

Download history 13/week @ 2023-08-11 28/week @ 2023-08-18 48/week @ 2023-08-25 28/week @ 2023-09-01 11/week @ 2023-09-08 11/week @ 2023-09-15 8/week @ 2023-09-22 12/week @ 2023-09-29 10/week @ 2023-10-06 10/week @ 2023-10-13 16/week @ 2023-10-20 36/week @ 2023-10-27 16/week @ 2023-11-03 14/week @ 2023-11-10 34/week @ 2023-11-17 55/week @ 2023-11-24

123 downloads per month
Used in arch-audit-gtk

MIT and GPL-3.0 licenses

898 lines


crats.io Build Status FOSSA Status

pkg-audit-like utility for Arch Linux.

Based on data from security.archlinux.org collected by the awesome Arch Security Team.


Latest release from official repositories

pacman -S arch-audit

Development version from AUR

The PKGBUILD is available on AUR.

After the installation just execute arch-audit.

Development version from sources

git clone https://github.com/ilpianista/arch-audit
cd arch-audit
cargo build
cargo run


Completions are generated using the completions subcommand of arch-audit and are available for various shells like zsh, bash, fish and more:

arch-audit completions zsh > /usr/share/zsh/site-functions/_arch-audit
arch-audit completions bash > /usr/share/bash-completion/completions/arch-audit
arch-audit completions fish > /usr/share/fish/vendor_completions.d/arch-audit.fish

Example output

$ arch-audit
bzip2 is affected by CVE-2016-3189. Medium risk!
curl is affected by CVE-2016-9594, CVE-2016-9586. Update to 7.52.1-1!
gst-plugins-bad is affected by CVE-2016-9447, CVE-2016-9446, CVE-2016-9445. High risk!
jasper is affected by CVE-2016-8886. Medium risk!
libimobiledevice is affected by CVE-2016-5104. Low risk!
libtiff is affected by CVE-2015-7554. Critical risk!
libusbmuxd is affected by CVE-2016-5104. Low risk!
openjpeg2 is affected by CVE-2016-9118, CVE-2016-9117, CVE-2016-9116, CVE-2016-9115, CVE-2016-9114, CVE-2016-9113. High risk!
openssl is affected by CVE-2016-7055. Low risk!

$ arch-audit --upgradable --quiet

$ arch-audit -uf "%n|%c"


Donations via Liberapay or Bitcoin (1Ph3hFEoQaD4PK6MhL3kBNNh9FZFBfisEH) are always welcomed, thank you!

False Positive

Please before reporting false positive check https://security.archlinux.org first. arch-audit parses that page and then if that page reports a false positive, arch-audit will do too. Get in touch with the Arch Linux Security team via IRC at freenode#archlinux-security. Thanks!



FOSSA Status


~409K SLoC