security-advisories is a packagist library included in the Tidelift Subscription

Tidelift is working with the maintainers of security-advisories and thousands of other projects to provide application development teams with catalogs of issue-free open source software that “just works.”


With a managed open source subscription from Tidelift, you’ll be able to create your own customizable catalogs of known-good, proactively maintained JavaScript, Python, Java, PHP, Ruby, and .NET components. Accelerate your adoption of open source without the burden of managing it yourself and without sacrificing security, maintainability, or licensing compliance.




About security-advisories

roave/security-advisories is a PHP library that prevents installation of Composer packages with known security vulnerabilities: there is no API, you simply require it. In other words, roave/security-advisories keeps packages with known security vulnerabilities out of your project.

roave/security-advisories means you don't have to install and run an additional CLI tool for something that Composer can provide directly.

What does that mean?

roave/security-advisories compiles a list of conflict versions from into a composer metapackage, which has tons of advantages, like:

  • No files or actual dependencies are added to the project
  • Packages with security issues are filtered out during dependency resolution
  • No more CLI tool to run separately, no more CI setup steps
  • No need to upgrade roave/security-advisories separately
  • No coupling or version constraints with any dependencies used by similar CLI-based alternatives
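To make the metapackage mechanism concrete, here is an added illustration (not the project's own composer.json) of the shape such a package takes. The `conflict` entries and the `acme/*` package names and version constraints are constructed placeholders, not real advisories; the real package carries a long, generated list in the same shape.

```json
{
  "name": "roave/security-advisories",
  "description": "Constructed illustration of a metapackage that blocks vulnerable package versions via conflict rules",
  "type": "metapackage",
  "license": "MIT",
  "conflict": {
    "acme/example-http-client": "<1.4.2",
    "acme/example-template-engine": ">=2.0,<2.3.1",
    "acme/example-orm": "<0.9.7|>=1.0,<1.2.5"
  }
}
```

Because the package is of type `metapackage`, Composer installs no files for it; only its `conflict` rules take part in dependency resolution. A project that adds it to `require-dev` (the project documents `composer require --dev roave/security-advisories:dev-latest`) will have any version matching one of those constraints rejected at `composer update` or `composer require` time, so the failing install, rather than a separate scanner report, is the signal that a dependency is affected. Since the constraints only ever exclude versions, the package imposes no version requirements of its own on your other dependencies.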

roave/security-advisories has been downloaded more than 9 million times.

You can learn more about roave/security-advisories in this blog post written by the creator.

roave/security-advisories is available via the Packagist package manager.



The Tidelift Subscription



Stop parsing painful scanner reports full of false positives and open source trivia

Start using our catalogs of known-good open source components that are proactively managed for you

Create your own catalogs of approved components, and customize them specifically for your organization




Verified updates for zero-day vulnerabilities, coordinated security responses, and immediate notifications of which of your applications are impacted, with the fix prepared for you. Like your phone, just "apply updates" to stay secure.


Verified-accurate open source licenses (including IP indemnification) and customizable policy enforcement. Your up-to-date software “bill of materials” is always one click away.


Tidelift continuously guides you on your upgrade path, steering you towards the best packages and versions for your particular application. It’s like a GPS for open source software.
