name: Security Advisories
description: |
Look up known PHP security advisories affecting one or more Composer packages.
The Packagist advisory database aggregates entries from FriendsOfPHP, the GitHub
Advisory Database, and Packagist's own PSA channel. Used by `composer audit` and
by upstream security tooling.
api: packagist-api
governance:
classification: read-only
authentication: none
operations:
- operationId: getSecurityAdvisories
intent: Return advisories for a list of packages, optionally filtered by updated date.
inputs:
- name: packages
required: true
description: Composer package names (vendor/package) to look up.
- name: updatedSince
required: false
description: Unix timestamp; only return advisories updated since this time.
outputs:
- name: advisories
description: Map of package name to a list of advisories with CVE id, severity, affected version range, and link.