I ran this checker on some code with known vulnerabilities:
https://github.com/symfony-cmf/standard-edition/blob/9f1125f34a28214d3f7c9e1e2d5f7ec310a3986c/composer.lock
With the dependency check it found me an issue with jquery:
CVE-2007-2379
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
• MISC -
http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
• OSVDB - 43320
Vulnerable Software & Versions:
• cpe:/a:jquery:jquery
With the sensiolabs checker, where they manually maintain a DB mapping CVEs to composer packages for some popular PHP projects, I instead got this:
• doctrine/annotations (v1.2.4)
• Security Misconfiguration Vulnerability in various Doctrine projects — CVE-2015-5723
• doctrine/cache (v1.4.1)
• Security Misconfiguration Vulnerability in various Doctrine projects — CVE-2015-5723
• doctrine/common (v2.5.0)
• Security Misconfiguration Vulnerability in various Doctrine projects — CVE-2015-5723
• doctrine/doctrine-bundle (v1.5.0)
• Security Misconfiguration Vulnerability in various Doctrine projects — CVE-2015-5723
• doctrine/orm (v2.4.7)
• Security Misconfiguration Vulnerability in various Doctrine projects — CVE-2015-5723
• twig/twig (v1.18.1)
• Remote code execution in templates
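The two result sets differ because the tools match differently: dependency-check matched on a CPE that carries no version (`cpe:/a:jquery:jquery`), so any jQuery release is flagged, while the sensiolabs checker matches the composer package name against a curated list of affected version ranges. The script below is an added example, not code from either tool or from the post; the composer.lock excerpt and the advisory entries (including the version ranges) are constructed placeholders for illustration and are not the published advisory data.

```python
"""Minimal composer.lock advisory checker (added example, not the checker
from the post). It contrasts a name-only CPE match, which has no version
and so matches every release, with a curated package -> version-range
mapping. All data below is constructed; the ranges are NOT the real ones."""
import json
import re

# Constructed composer.lock excerpt with only the fields the checker reads.
LOCK_JSON = """
{
  "packages": [
    {"name": "doctrine/annotations", "version": "v1.2.4"},
    {"name": "doctrine/orm", "version": "v2.4.7"},
    {"name": "twig/twig", "version": "v1.18.1"},
    {"name": "symfony/symfony", "version": "v2.7.3"},
    {"name": "components/jquery", "version": "1.11.1"}
  ]
}
"""

# Constructed range-based advisory DB: package -> [(advisory, ranges)].
# A package is affected if ALL constraints of ANY range hold.
# The ranges are illustrative placeholders, not the published ones.
ADVISORIES = {
    "doctrine/annotations": [("CVE-2015-5723", [[("<", "1.2.7")]])],
    "doctrine/orm": [("CVE-2015-5723",
                      [[("<", "2.4.8")], [(">=", "2.5.0"), ("<", "2.5.1")]])],
    "twig/twig": [("Remote code execution in templates", [[("<", "1.19.0")]])],
}

# Constructed CPE-style entries (product-only CPE, as in the report above).
CPE_ADVISORIES = [("CVE-2007-2379", "cpe:/a:jquery:jquery")]


def parse_version(v):
    """'v1.2.4' or '2.4.7' -> (1, 2, 4); composer's leading 'v' is ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


def satisfies(version, constraint):
    """Evaluate one (operator, bound) constraint, padding short tuples."""
    op, bound = constraint
    a, b = parse_version(version), parse_version(bound)
    n = max(len(a), len(b))
    a += (0,) * (n - len(a))
    b += (0,) * (n - len(b))
    return {"<": a < b, "<=": a <= b, ">": a > b, ">=": a >= b, "==": a == b}[op]


def affected(version, ranges):
    return any(all(satisfies(version, c) for c in rng) for rng in ranges)


def cpe_matches(cpe, product, version):
    """cpe:/a:vendor:product[:version]. Without a version part the CPE
    matches every release of the product, which is why a name-only CPE
    flags jQuery regardless of the installed version."""
    parts = cpe.split(":")
    if len(parts) < 4 or parts[3] != product:
        return False
    if len(parts) == 4 or parts[4] in ("", "*"):
        return True
    return parse_version(parts[4]) == parse_version(version)


def check_lock(lock_json, advisories=ADVISORIES, cpe_advisories=CPE_ADVISORIES):
    """Return findings as (package, version, advisory, match_kind) tuples."""
    findings = []
    for pkg in json.loads(lock_json)["packages"]:
        name, version = pkg["name"], pkg["version"]
        for advisory, ranges in advisories.get(name, []):
            if affected(version, ranges):
                findings.append((name, version, advisory, "version range"))
        product = name.split("/")[-1]  # 'components/jquery' -> 'jquery'
        for advisory, cpe in cpe_advisories:
            if cpe_matches(cpe, product, version):
                findings.append((name, version, advisory, "name-only CPE"))
    return findings


if __name__ == "__main__":
    for name, version, advisory, kind in check_lock(LOCK_JSON):
        print(f"{name} ({version}): {advisory} [{kind}]")
```

The "name-only CPE" tag on a finding is the signal to check the advisory's actual affected versions by hand before suppressing or acting on it; a range-based hit already carries that information.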