# WP Sec Adv: WordPress Security Advisories for Composer

**URL:** https://discourse.roots.io/t/wp-sec-adv-wordpress-security-advisories-for-composer/30274
**Category:** blog
**Tags:** wp-packages, composer
**Created:** 2026-04-01T14:43:54Z
**Posts:** 1

## Post 1 by @ben — 2026-04-01T14:43:55Z

If you manage WordPress with Composer, you’ve probably noticed a gap: `composer audit` works great for PHP packages on Packagist, but it has no awareness of WordPress plugin and theme vulnerabilities. [WP Sec Adv](https://github.com/typisttech/wpsecadv) by @TangRufus was built to bring security advisory support to WordPress packages installed via Composer.

**Read more on our blog: [WP Sec Adv: WordPress Security Advisories for Composer | Roots](https://roots.io/wp-sec-adv-wordpress-security-advisories-for-composer/)**