Packagist Package Vulnerabilities

All 922 PHP / Composer packages with known CVEs, ranked by live CVE volume — 5,848 package-to-CVE mappings with affected ranges and fixed versions. Updated continuously as new vulnerabilities publish.

  1. 901.wpcloud/wp-stateless1 CVE
  2. 902.wpmetabox/meta-box1 CVE
  3. 903.xataface/xataface1 CVE
  4. 904.xpressengine/xpressengine1 CVE
  5. 905.yab/quarx1 CVE
  6. 906.yidashi/yii2cmf1 CVE
  7. 907.yii2mod/yii2-cms1 CVE
  8. 908.yiisoft/yii2-elasticsearch1 CVE
  9. 909.yikesinc/yikes-inc-easy-mailchimp-extender1 CVE
  10. 910.yoast/duplicate-post1 CVE
  11. 911.zendframework/zend-cache1 CVE
  12. 912.zendframework/zend-crypt1 CVE
  13. 913.zendframework/zend-diactoros1 CVE
  14. 914.zendframework/zend-http1 CVE
  15. 915.zendframework/zend-mail1 CVE
  16. 916.zendframework/zendxml1 CVE
  17. 917.zenstruck/collection1 CVE
  18. 918.zetacomponents/mail1 CVE
  19. 919.zfcampus/zf-apigility-doctrine1 CVE
  20. 920.zf-commons/zfc-user1 CVE
  21. 921.z-push/z-push-dev1 CVE
  22. 922.zumba/json-serializer1 CVE

Which Packagist packages run in YOUR stack?

EchelonGraph inventories your dependencies and correlates them against live CVE intelligence — affected ranges, fixed versions, and blast radius in one graph.

Start Free Scan →