Packagist Package Vulnerabilities
All 919 PHP / Composer packages with known CVEs, ranked by live CVE volume — 5,804 package-to-CVE mappings with affected ranges and fixed versions. Updated continuously as new vulnerabilities publish.
- 601.islandora/crayfish1 CVE
- 602.ivankristianto/phpwhois1 CVE
- 603.jackalope/jackalope-doctrine-dbal1 CVE
- 604.jambagecom/div20071 CVE
- 605.jasig/phpcas1 CVE
- 606.jcbrand/converse.js1 CVE
- 607.joedolson/my-calendar1 CVE
- 608.joelbutcher/socialstream1 CVE
- 609.johnbillion/query-monitor1 CVE
- 610.joomla/application1 CVE
- 611.joomla/database1 CVE
- 612.joomla/filesystem1 CVE
- 613.joomla/input1 CVE
- 614.joomla/session1 CVE
- 615.joyqi/hyper-down1 CVE
- 616.jsmitty12/phpwhois1 CVE
- 617.jweiland/events21 CVE
- 618.jweiland/kk-downloader1 CVE
- 619.kantorge/yaffa1 CVE
- 620.kazist/phpwhois1 CVE
- 621.kelvinmo/simplejwt1 CVE
- 622.kelvinmo/simplexrd1 CVE
- 623.KnpLabs/knp-snappy1 CVE
- 624.kohana/core1 CVE
- 625.koillection/koillection1 CVE
- 626.kreait/firebase-php1 CVE
- 627.kumbiaphp/kumbiapp1 CVE
- 628.la-haute-societe/tcpdf1 CVE
- 629.laktak/hjson1 CVE
- 630.laminas/laminas-form1 CVE
- 631.laminas/laminas-http1 CVE
- 632.laravel/fortify1 CVE
- 633.laravel/laravel1 CVE
- 634.laravel/passport1 CVE
- 635.laravel/pulse1 CVE
- 636.lara-zeus/artemis1 CVE
- 637.lara-zeus/dynamic-dashboard1 CVE
- 638.lavitto/typo3-form-to-database1 CVE
- 639.lcobucci/jwt1 CVE
- 640.league/flysystem1 CVE
- 641.league/oauth2-server1 CVE
- 642.leantime/leantime1 CVE
- 643.lexik/jwt-authentication-bundle1 CVE
- 644.libreform/libreform1 CVE
- 645.liftkit/database1 CVE
- 646.lightsaml/lightsaml1 CVE
- 647.livehelperchat/livehelperchat1 CVE
- 648.livewire-filemanager/filemanager1 CVE
- 649.livewire/volt1 CVE
- 650.lms/routes1 CVE
Which Packagist packages run in YOUR stack?
EchelonGraph inventories your dependencies and correlates them against live CVE intelligence — affected ranges, fixed versions, and blast radius in one graph.
Start Free Scan →