Packagist Package Vulnerabilities
All 919 PHP / Composer packages with known CVEs, ranked by live CVE volume — 5,796 package-to-CVE mappings with affected ranges and fixed versions. Updated continuously as new vulnerabilities publish.
- 1.moodle/moodle435 CVEs
- 2.magento/community-edition353 CVEs
- 3.magento/project-community-edition161 CVEs
- 4.pimcore/pimcore124 CVEs
- 5.dolibarr/dolibarr123 CVEs
- 6.typo3/cms116 CVEs
- 7.drupal/core110 CVEs
- 8.phpmyadmin/phpmyadmin107 CVEs
- 9.microweber/microweber105 CVEs
- 10.thorsten/phpmyfaq100 CVEs
- 11.typo3/cms-core98 CVEs
- 12.librenms/librenms93 CVEs
- 13.symfony/symfony88 CVEs
- 14.craftcms/cms73 CVEs
- 15.concrete5/concrete572 CVEs
- 16.drupal/drupal68 CVEs
- 17.getgrav/grav66 CVEs
- 18.mantisbt/mantisbt62 CVEs
- 19.wwbn/avideo59 CVEs
- 20.froxlor/froxlor50 CVEs
- 21.mautic/core49 CVEs
- 22.baserproject/basercms47 CVEs
- 23.getkirby/cms47 CVEs
- 24.shopware/platform47 CVEs
- 25.snipe/snipe-it47 CVEs
- 26.nilsteampassnet/teampass42 CVEs
- 27.showdoc/showdoc42 CVEs
- 28.intelliants/subrion41 CVEs
- 29.shopware/core39 CVEs
- 30.phpmyfaq/phpmyfaq37 CVEs
- 31.admidio/admidio36 CVEs
- 32.ci4-cms-erp/ci4ms36 CVEs
- 33.silverstripe/framework36 CVEs
- 34.contao/core-bundle31 CVEs
- 35.prestashop/prestashop29 CVEs
- 36.mediawiki/core28 CVEs
- 37.phpoffice/phpspreadsheet28 CVEs
- 38.centreon/centreon27 CVEs
- 39.cockpit-hq/cockpit25 CVEs
- 40.funadmin/funadmin25 CVEs
- 41.magento/core24 CVEs
- 42.openmage/magento-lts24 CVEs
- 43.typo3/cms-backend24 CVEs
- 44.remdex/livehelperchat23 CVEs
- 45.shopware/shopware23 CVEs
- 46.contao/contao22 CVEs
- 47.grumpydictator/firefly-iii22 CVEs
- 48.october/system22 CVEs
- 49.phpoffice/phpexcel22 CVEs
- 50.statamic/cms22 CVEs
Which Packagist packages run in YOUR stack?
EchelonGraph inventories your dependencies and correlates them against live CVE intelligence — affected ranges, fixed versions, and blast radius in one graph.
Start Free Scan →