This package is abandoned and no longer maintained. No replacement package was suggested.

The database as json file.

dev-master 2021-06-11 05:00 UTC

This package is auto-updated.

Last update: 2023-03-26 11:34:32 UTC


68747470733a2f2f696d672e736869656c64732e696f2f7472617669732f6e6172726f77737061726b2f73656375726974792d61647669736f726965732f6d61737465722e7376673f6c6f6e6743616368653d66616c7365267374796c653d666c61742d737175617265 68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d627269676874677265656e2e7376673f7374796c653d666c61742d737175617265

This project is responsible for generating a PHP Security Advisories Database as a JSON file.


This package can only be required in its dev-master version: there will never be stable/tagged versions because of the nature of the problem being targeted. Security issues are in fact a moving target, and locking your project to a specific tagged version of the package would not make any sense.

This package is therefore only suited for installation in the root of your deployable project.


This package extracts information about existing security issues in various composer projects from the FriendsOfPHP/security-advisories repository and the Github security advisories db.

NOTE: Travis cron is configured to run once a day, to check if PHP Security Advisories Database was updated.

NOTE: The sha in security-advisories-sha file is always the last commit sha of a count of merged security vulnerabilities and git rev-parse --verify HEAD of PHP Security Advisories Database and Github security advisories db.