Packagist Package Vulnerabilities
All 919 PHP / Composer packages with known CVEs, ranked by live CVE volume — 5,797 package-to-CVE mappings with affected ranges and fixed versions. Updated continuously as new vulnerabilities publish.
- 101.croogo/croogo10 CVEs
- 102.phpseclib/phpseclib10 CVEs
- 103.roundcube/roundcubemail10 CVEs
- 104.spatie/browsershot10 CVEs
- 105.ssddanbrown/bookstack10 CVEs
- 106.symfony/http-foundation10 CVEs
- 107.wallabag/wallabag10 CVEs
- 108.concrete5/core9 CVEs
- 109.flarum/core9 CVEs
- 110.in2code/powermail9 CVEs
- 111.kevinpapst/kimai29 CVEs
- 112.krayin/laravel-crm9 CVEs
- 113.pimcore/customer-management-framework-bundle9 CVEs
- 114.starcitizentools/citizen-skin9 CVEs
- 115.backdrop/backdrop8 CVEs
- 116.codiad/codiad8 CVEs
- 117.gilacms/gila8 CVEs
- 118.guzzlehttp/guzzle8 CVEs
- 119.joomla/joomla-cms8 CVEs
- 120.october/cms8 CVEs
- 121.tecnickcom/tcpdf8 CVEs
- 122.contao/core7 CVEs
- 123.directmailteam/direct-mail7 CVEs
- 124.ezsystems/ezpublish-kernel7 CVEs
- 125.in2code/femanager7 CVEs
- 126.october/backend7 CVEs
- 127.shopxo/shopxo7 CVEs
- 128.silverstripe/graphql7 CVEs
- 129.simplesamlphp/saml27 CVEs
- 130.symfony/http-kernel7 CVEs
- 131.twbs/bootstrap7 CVEs
- 132.typo3/cms-form7 CVEs
- 133.unopim/unopim7 CVEs
- 134.vrana/adminer7 CVEs
- 135.wpglobus/wpglobus7 CVEs
- 136.yiisoft/yii2-dev7 CVEs
- 137.api-platform/core6 CVEs
- 138.drupal/core-recommended6 CVEs
- 139.dweeves/magmi6 CVEs
- 140.gleez/cms6 CVEs
- 141.icecoder/icecoder6 CVEs
- 142.nystudio107/craft-seomatic6 CVEs
- 143.october/rain6 CVEs
- 144.pear/archive_tar6 CVEs
- 145.phpMyFAQ/phpMyFAQ6 CVEs
- 146.privatebin/privatebin6 CVEs
- 147.processwire/processwire6 CVEs
- 148.silverstripe/assets6 CVEs
- 149.symfony/ux-live-component6 CVEs
- 150.typo3/cms-install6 CVEs
Which Packagist packages run in YOUR stack?
EchelonGraph inventories your dependencies and correlates them against live CVE intelligence — affected ranges, fixed versions, and blast radius in one graph.
Start Free Scan →