Packagist2272 advisories

Packagist security advisories

Most-affected Packagist packages

wwbn/avideo — 128 advisories
magento/community-edition — 102 advisories
moodle/moodle — 89 advisories
typo3/cms — 71 advisories
drupal/core — 63 advisories
craftcms/cms — 62 advisories
magento/project-community-edition — 60 advisories
silverstripe/framework — 58 advisories
typo3/cms-core — 55 advisories
symfony/symfony — 47 advisories
librenms/librenms — 46 advisories
getgrav/grav — 41 advisories
admidio/admidio — 39 advisories
ci4-cms-erp/ci4ms — 36 advisories
thorsten/phpmyfaq — 32 advisories
shopware/core — 29 advisories
mantisbt/mantisbt — 28 advisories
shopware/platform — 27 advisories
getkirby/cms — 26 advisories
phpmyfaq/phpmyfaq — 26 advisories

Latest Packagist advisories

CVE-2026-55767 — medium · Packagist/guzzlehttp/guzzle
CVE-2026-55766 — medium · Packagist/guzzlehttp/psr7
CVE-2026-55568 — medium · Packagist/guzzlehttp/guzzle
CVE-2026-55375 — medium · Packagist/jleehr/canto-saas-api
CVE-2026-55374 — medium · Packagist/jleehr/canto-saas-api
GHSA-5739-39v2-5754#web-token/jwt-framework — medium · Packagist/web-token/jwt-framework
GHSA-5739-39v2-5754#web-token/jwt-library — medium · Packagist/web-token/jwt-library
GHSA-jc38-x7x8-2xc8#web-token/jwt-library — high · Packagist/web-token/jwt-library
GHSA-jc38-x7x8-2xc8#web-token/jwt-framework — high · Packagist/web-token/jwt-framework
GHSA-3prj-6hqw-cm82#web-token/jwt-framework — high · Packagist/web-token/jwt-framework
GHSA-3prj-6hqw-cm82#web-token/jwt-library — high · Packagist/web-token/jwt-library
GHSA-6vvh-pxr4-25r7#web-token/jwt-library — medium · Packagist/web-token/jwt-library
GHSA-6vvh-pxr4-25r7#web-token/jwt-experimental — medium · Packagist/web-token/jwt-experimental
GHSA-2jx3-65f3-xr8r — medium · Packagist/spomky-labs/otphp
GHSA-g7m4-839x-ch6v — high · Packagist/spomky-labs/otphp
CVE-2026-54005 — high · Packagist/getkirby/cms
CVE-2026-54004 — medium · Packagist/getkirby/cms
CVE-2026-54003 — critical · Packagist/getkirby/cms
CVE-2026-54002 — high · Packagist/getkirby/cms
CVE-2026-50188 — medium · Packagist/getkirby/cms
CVE-2026-49276 — high · Packagist/getkirby/cms
CVE-2026-49274 — medium · Packagist/getkirby/cms
CVE-2026-55890 — medium · Packagist/getgrav/grav
CVE-2026-55885 — medium · Packagist/getgrav/grav
CVE-2026-55746 — high · Packagist/cotonti/cotonti
CVE-2026-55745 — medium · Packagist/cotonti/cotonti
CVE-2026-55742 — critical · Packagist/cotonti/cotonti
CVE-2026-55744 — high · Packagist/cotonti/cotonti
CVE-2026-11407 — high · Packagist/pimcore/pimcore
CVE-2026-55808 — medium · Packagist/drupal/core
CVE-2026-55807 — medium · Packagist/drupal/core
CVE-2026-55806 — medium · Packagist/drupal/core
CVE-2026-55804 — medium · Packagist/drupal/core
CVE-2026-55803 — medium · Packagist/drupal/core
CVE-2026-55590 — medium · Packagist/cakephp/authentication
CVE-2026-55409 — high · Packagist/filament/forms
GHSA-crmm-hgp2-wgrp — medium · Packagist/laravel/framework
GHSA-5vg9-5847-vvmq — high · Packagist/laravel/framework
GHSA-m557-wrgg-6rp4 — medium · Packagist/phpseclib/phpseclib
CVE-2026-48784 — medium · Packagist/symfony/symfony

Stateward audits your Packagist dependencies on every pull request and only flags what your code reaches.

Scan my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.