Packagist Package Vulnerabilities

All 919 PHP / Composer packages with known CVEs, ranked by live CVE volume — 5,797 package-to-CVE mappings with affected ranges and fixed versions. Updated continuously as new vulnerabilities publish.

  1. 101.croogo/croogo10 CVEs
  2. 102.phpseclib/phpseclib10 CVEs
  3. 103.roundcube/roundcubemail10 CVEs
  4. 104.spatie/browsershot10 CVEs
  5. 105.ssddanbrown/bookstack10 CVEs
  6. 106.symfony/http-foundation10 CVEs
  7. 107.wallabag/wallabag10 CVEs
  8. 108.concrete5/core9 CVEs
  9. 109.flarum/core9 CVEs
  10. 110.in2code/powermail9 CVEs
  11. 111.kevinpapst/kimai29 CVEs
  12. 112.krayin/laravel-crm9 CVEs
  13. 113.pimcore/customer-management-framework-bundle9 CVEs
  14. 114.starcitizentools/citizen-skin9 CVEs
  15. 115.backdrop/backdrop8 CVEs
  16. 116.codiad/codiad8 CVEs
  17. 117.gilacms/gila8 CVEs
  18. 118.guzzlehttp/guzzle8 CVEs
  19. 119.joomla/joomla-cms8 CVEs
  20. 120.october/cms8 CVEs
  21. 121.tecnickcom/tcpdf8 CVEs
  22. 122.contao/core7 CVEs
  23. 123.directmailteam/direct-mail7 CVEs
  24. 124.ezsystems/ezpublish-kernel7 CVEs
  25. 125.in2code/femanager7 CVEs
  26. 126.october/backend7 CVEs
  27. 127.shopxo/shopxo7 CVEs
  28. 128.silverstripe/graphql7 CVEs
  29. 129.simplesamlphp/saml27 CVEs
  30. 130.symfony/http-kernel7 CVEs
  31. 131.twbs/bootstrap7 CVEs
  32. 132.typo3/cms-form7 CVEs
  33. 133.unopim/unopim7 CVEs
  34. 134.vrana/adminer7 CVEs
  35. 135.wpglobus/wpglobus7 CVEs
  36. 136.yiisoft/yii2-dev7 CVEs
  37. 137.api-platform/core6 CVEs
  38. 138.drupal/core-recommended6 CVEs
  39. 139.dweeves/magmi6 CVEs
  40. 140.gleez/cms6 CVEs
  41. 141.icecoder/icecoder6 CVEs
  42. 142.nystudio107/craft-seomatic6 CVEs
  43. 143.october/rain6 CVEs
  44. 144.pear/archive_tar6 CVEs
  45. 145.phpMyFAQ/phpMyFAQ6 CVEs
  46. 146.privatebin/privatebin6 CVEs
  47. 147.processwire/processwire6 CVEs
  48. 148.silverstripe/assets6 CVEs
  49. 149.symfony/ux-live-component6 CVEs
  50. 150.typo3/cms-install6 CVEs

Which Packagist packages run in YOUR stack?

EchelonGraph inventories your dependencies and correlates them against live CVE intelligence — affected ranges, fixed versions, and blast radius in one graph.

Start Free Scan →