Security Advisories
Packagist Security Advisory Feed
Packagist aggregates security advisories from multiple sources to help you stay informed about vulnerabilities in PHP packages:
- GitHub Security Advisories - Advisories published on GitHub's Security Advisory Database
- FriendsOfPHP Security Advisories - Community-curated advisories from the FriendsOfPHP/security-advisories repository
All advisories get assigned a PKSA (Packagist Security Advisory) ID, which is the primary advisory identifier to use in Composer. Advisories may also have associated CVE (Common Vulnerabilities and Exposures) or GHSA (GitHub Security Advisory) identifiers that link to external databases.
You can access security advisory data through our API endpoint, which allows you to:
- Query advisories for specific packages
- Fetch updates since a specific timestamp
- Integrate security checks into your CI/CD pipeline
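As an added example (not Packagist's or Composer's own code), a CI step could match a saved advisory response against `composer.lock` as sketched here. The sample data is constructed, and the response field names and the comma/pipe constraint syntax are assumptions about the feed's output; versions are compared on their first three numeric parts only.

```python
import operator
import re

# Constructed sample data, not real advisories. The field names (advisories,
# advisoryId, affectedVersions) are an assumed response shape.
API_RESPONSE = {"advisories": {"acme/http-client": [
    {"advisoryId": "PKSA-0000-0000-0000",
     "affectedVersions": ">=1.0.0,<1.4.2|>=2.0.0,<2.1.0"}]}}
COMPOSER_LOCK = {"packages": [{"name": "acme/http-client", "version": "v2.0.5"},
                              {"name": "acme/logger", "version": "3.1.0"}],
                 "packages-dev": [{"name": "acme/test-kit", "version": "dev-main"}]}

OPS = {">=": operator.ge, "<=": operator.le, ">": operator.gt,
       "<": operator.lt, "=": operator.eq, "==": operator.eq, "!=": operator.ne}

def parse_version(text):
    """'v1.4' -> (1, 4, 0); None for branch names such as 'dev-main'."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)(?:[-+].*)?", text.strip())
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(".")][:3]
    return tuple(nums + [0] * (3 - len(nums)))

def _holds(installed, part):
    """Check one comparison such as '<1.4.2'; a bare version means equality."""
    m = re.fullmatch(r"(>=|<=|!=|==|>|<|=)?\s*(\S+)", part)
    bound = parse_version(m.group(2)) if m else None
    return bound is not None and OPS[m.group(1) or "="](installed, bound)

def is_affected(version, constraint):
    """Comma-separated parts are ANDed, '|' branches ORed; pre-release tags ignored."""
    installed = parse_version(version)
    if installed is None:
        return False  # branch alias: cannot be compared, review by hand
    branches = [[p.strip() for p in b.split(",") if p.strip()]
                for b in re.split(r"\|+", constraint)]
    return any(b and all(_holds(installed, p) for p in b) for b in branches)

def findings(lock, response):
    """(package, version, advisory ID) for every locked version an advisory covers."""
    advisories = response.get("advisories", {})
    return [(p["name"], p["version"], a["advisoryId"])
            for p in lock.get("packages", []) + lock.get("packages-dev", [])
            for a in advisories.get(p["name"], [])
            if is_affected(p["version"], a["affectedVersions"])]

if __name__ == "__main__":  # a non-zero exit status fails the CI job
    hits = findings(COMPOSER_LOCK, API_RESPONSE)
    raise SystemExit("\n".join(map(str, hits)) if hits else 0)
```

Composer's built-in `composer audit` command performs this kind of check with full constraint handling; the sketch only shows the matching logic a pipeline depends on.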