pacaudit - v.1.1.2
pacaudit v1.1.2 has been released. Install it via trizen or any other AUR package manager, then read the man page.
trizen -S pacaudit
man pacaudit
pacaudit has had an alpm hook since v1.1.1, so you will get a warning if you try to install a vulnerable package. v1.1.2 checks whether security.archlinux.org is up and running. If it is not, a message is shown and pacaudit returns without checking local packages.
Comments on AUR, GitHub or via email are highly appreciated!