PHP Security Advisories Database

The PHP Security Advisories Database references known security vulnerabilities in various PHP projects and libraries. This database must not serve as the primary source of information for security issues and is not authoritative for any referenced software, but it centralizes information for convenience and easy consumption.

License

The PHP security advisories database is free and unencumbered software released into the public domain.

Checking for Vulnerabilities

To check for vulnerabilities in your applications, besides manual checks, you should use the Local CLI tool:

    local-php-security-checker --path=/path/to/composer.lock

TIP: If you are using GitHub, you can use the PHP Security Checker GitHub Action to automatically check for vulnerabilities when pushing code.

Contributing

Contributing security advisories is as easy as it can get:

If some affected code is available through different Composer entries (like when you have read-only subtree splits of a main repository), duplicate the information in several files.