diff --git a/src/Controller/ApiController.php b/src/Controller/ApiController.php
index 3fe34bb4b..71d8380b8 100644
--- a/src/Controller/ApiController.php
+++ b/src/Controller/ApiController.php
@@ -365,6 +365,12 @@ public function securityAdvisoryAction(Request $request, ProviderManager $provid
 $statsd->increment('advisory_api');
+ // resolve Package-URL to package names https://github.com/package-url/purl-spec/blob/main/PURL-SPECIFICATION.rst
+ $packageNames = array_map(
+ fn ($name) => Preg::replace('{^pkg:/?/?composer/([^/]+/[^/@?]+).*}', '$1', $name),
+ $packageNames
+ );
+
 $advisories = $this->getEM()->getRepository(SecurityAdvisory::class)->searchSecurityAdvisories($packageNames, $updatedSince);
 $response = ['advisories' => $advisories];
diff --git a/templates/api_doc/index.html.twig b/templates/api_doc/index.html.twig
index 33d36f94e..c069f6f46 100644
--- a/templates/api_doc/index.html.twig
+++ b/templates/api_doc/index.html.twig
@@ -451,7 +451,7 @@ GET https://{{ packagist_host }}/statistics.json
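Review bot: The PURL subpath component is not stripped by the new pattern on the `fn ($name)` line: `[^/@?]+` stops at `@` and `?` but not at `#`, so a request for `pkg:composer/foo/bar#src` resolves to `foo/bar#src`, which matches no package and is silently omitted from the response instead of being rejected or resolved. Adding `#` to the class, `'{^pkg:/?/?composer/([^/]+/[^/@?#]+).*}'`, closes that gap, and since the PURL spec lowercases composer vendor and name while the case handling of searchSecurityAdvisories is not visible here, lowercasing the captured name before lookup is worth confirming. The closure is also untyped; if `$packageNames` can still contain non-string entries from the query string at this point (it is built above the hunk), `Preg::replace` will raise a TypeError (a 500) rather than a client error, so `static fn (string $name): string => …` after an explicit string filter would make that failure mode deliberate. securityAdvisoryAction continues outside the hunk, and the hunk's trailing context lines appear to be missing from this page.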
This endpoint provides a list of security advisories. Either a list of packages as query or request parameter OR a timestamp as updatedSince query parameter needs to be passed.
-When querying with a list of packages, known packages will be included in the response with an empty array if they don't have any listed vulnerability. Package names which are not known to have no vulnerability will not be included at all to show that we do not have data on those.
+When querying with a list of packages, known packages will be included in the response with an empty array if they don't have any listed vulnerability. Package names which are not known to have no vulnerability will not be included at all to show that we do not have data on those. Note that PURL package URLs like pkg:composer/foo/bar
can also be provided to the packages parameter.
 GET https://{{ packagist_host }}/api/security-advisories/?packages[]=[vendor/package]
diff --git a/templates/package/view_package.html.twig b/templates/package/view_package.html.twig
index 887bfca02..04868460e 100644
--- a/templates/package/view_package.html.twig
+++ b/templates/package/view_package.html.twig
@@ -273,6 +273,7 @@ {% if package.isPiePackage() %}Ext name:{{ version.pieName }}
 {% endif %}
+pkg:composer/{{ package.name }}