Description
The PHP Security Advisories Database references known security vulnerabilities in various PHP projects and libraries. This database must not serve as the primary source of information for security issues, it is not authoritative for any referenced software, but it allows to centralize information for convenience and easy consumption.
SensioLabs Security Check alternatives and similar libraries
Based on the "Security" category.
Alternatively, view SensioLabs Security Check alternatives based on common mentions on social networks and blogs.
-
-
random_compat
PHP 5.x support for random_bytes() and random_int() -
-
HTML Purifier
Standards compliant HTML filter written in PHP -
Cossack Labs
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms. -
IniScan
A php.ini scanner for best security practices -
PHP IDS
PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application -
Halite
High-level cryptography interface powered by libsodium -
Optimus
๐ค Id obfuscation based on Knuth's multiplicative hashing method for PHP. -
RandomLib
A library for generating random numbers and strings -
AntiXSS
ใ๏ธ AntiXSS | Protection against Cross-site scripting (XSS) via PHP -
scheb/two-factor-bundle
[ABANDONED] Two-factor authentication for Symfony 2 & 3 applications ๐. Please use the newer versions from https://github.com/scheb/2fa. -
PHP SSH
An experimental object oriented SSH api in PHP -
Elliptic-PHP
Fast, general Elliptic Curve Cryptography library. Supports curves used in Bitcoin, Ethereum and other cryptocurrencies (secp256k1, ed25519, ..) -
CIDRAM
CIDRAM: Classless Inter-Domain Routing Access Manager. -
SecurityMultiTool
A multitool library offering access to recommended security related libraries, standardised implementations of security defences, and secure implementations of commonly performed tasks. -
TCrypto
TCrypto is a simple and flexible PHP 5.3+ in-memory key-value storage library -
True Random
Fetches random integers from random.org instead of using PHP's PRNG implementation -
VAddy
A continuous security testing platform for web applications.
Learn any GitHub repo in 59 seconds
* Code Quality Rankings and insights are calculated and provided by Lumnify.
They vary from L1 to L5 with "L5" being the highest.
Do you think we are missing an alternative of SensioLabs Security Check or a related project?
|
Free Global Payroll designed for tech teams
sponsored
try.revelo.com
|
Popular Comparisons
-
SensioLabs Security CheckvsHTML Purifier
-
SensioLabs Security CheckvsAntiXSS
-
SensioLabs Security CheckvsZed
-
SensioLabs Security Checkvsscheb/two-factor-bundle
-
SensioLabs Security CheckvsPHP SSH
|
Static code analysis for 29 languages.
sponsored
www.sonarqube.org
|
README
PHP Security Advisories Database
The PHP Security Advisories Database references known security vulnerabilities in various PHP projects and libraries. This database must not serve as the primary source of information for security issues, it is not authoritative for any referenced software, but it allows to centralize information for convenience and easy consumption.
License
The PHP security advisories database is free and unencumbered software released into the public domain.
Checking for Vulnerabilities
To check for vulnerabilities in your applications beside manual checks, you should use the Local CLI tool:
local-php-security-checker --path=/path/to/composer.lock
TIP: If you are using Github, you can use the PHP Security Checker Github Action to automatically check for vulnerabilities when pushing code.
Contributing
Contributing security advisories is as easy as it can get:
You can contribute a new entry by sending a pull request or by creating a file directly via the Github interface;
Create a directory based on the Composer name of the software where the security issue exists (use
symfony/http-foundationfor an issue in the Symfony HttpFoundation component for instance);Each security issue must be saved in a file where the name is the CVE identifier (preferred) or the date when the security issue was announced followed by an increment (
2012-12-12-1for instance);The file is in the YAML format and must contain the following entries (have a look at existing entries for examples):
title: A text that describes the security issue in a few words;link: A link to the official security issue announcement (HTTPS links are preferred over HTTP ones);reference: A unique reference to identify the software (the only supported scheme iscomposer://followed by the Composer identifier);branches: A hash of affected branches, where the name is the branch name (like2.0.x), and the value is a hash with the following entries:time: The date and time in UTC when the security issue was fixed or null if the issue is not fixed yet (most of the time, the date of the merge commit that fixed the issue in the following format2012-08-27 19:17:44) -- this information must be as accurate as possible as it is used to determine if a project is affected or not;versions: An array of constraints describing affected versions for this branch (this is the same format as the one used for Composer --['>=2.0.0', '<2.0.17']).
If you have a CVE identifier, add it under the
cvekey.Make sure your file validates by running
php -d memory_limit=-1 validator.phpfrom the root of this project. This script needs some dependencies to be installed via composer, so you need to runcomposer installbefore.
If some affected code is available through different Composer entries (like when you have read-only subtree splits of a main repository), duplicate the information in several files.
*Note that all licence references and agreements mentioned in the SensioLabs Security Check README section above
are relevant to that project's source code only.