About a year and a half ago Fabien Potencier announced the PHP Security Advisories Database initiative. Part of the initiative the SensioLabs Security Advisories Checker (beta) website came to life. The website and the api behind it makes it very easy to check your composer.lock file for dependencies which "have issues". Either upload your composer.lock file to the website or use the CLI tool to communicate with the api directly. About 2 weeks ago Fabien took the next step forward and announced that the Security Advisories Database is distributed as public domain and as such can now be "controlled" by the community.