pacaudit audits installed packages on Arch Linux against known vulnerabilities listed on https://security.archlinux.org
gpg --recv-keys 7328F6E376924E4EE266381D3D9C808E038A615C
yaourt -S pacaudit
prints all vulnerable packages by name and the sum of all vulnerable packages
prints all vulnerable packages by name, with CVE, severity and the sum of all vulnerable packages
returns "OK" if no vulnerable packages are installed, "WARNING" if no vulnerable package with severity HIGH or higher is installed and CRITICAL else.