diff --git a/src/Composer/Command/AuditCommand.php b/src/Composer/Command/AuditCommand.php
index 4c093c372..ff511625e 100644
--- a/src/Composer/Command/AuditCommand.php
+++ b/src/Composer/Command/AuditCommand.php
@@ -47,7 +47,8 @@ EOT
         }
 
         $auditor = new Auditor($httpDownloader);
-        return $auditor->audit($this->getIO(), $packages, $this->getAuditFormat($input, 'format'), false);
+
+        return min(255, $auditor->audit($this->getIO(), $packages, $this->getAuditFormat($input, 'format'), false));
     }
 
     /**
diff --git a/src/Composer/Util/Auditor.php b/src/Composer/Util/Auditor.php
index 3bb22dd25..ca45c45f0 100644
--- a/src/Composer/Util/Auditor.php
+++ b/src/Composer/Util/Auditor.php
@@ -43,7 +43,7 @@ class Auditor
      * @param PackageInterface[] $packages
      * @param self::FORMAT_* $format The format that will be used to output audit results.
      * @param bool $warningOnly If true, outputs a warning. If false, outputs an error.
-     * @return int
+     * @return int Amount of advisories found
      * @throws InvalidArgumentException If no packages are passed in
      */
     public function audit(IOInterface $io, array $packages, string $format, bool $warningOnly = true): int
@@ -56,9 +56,12 @@ class Auditor
             $punctuation = $format === 'summary' ? '.' : ':';
             $io->writeError("<$errorOrWarn>Found $numAdvisories security vulnerability advisor{$plurality}{$punctuation}</$errorOrWarn>");
             $this->outputAdvisories($io, $advisories, $format);
-            return 1;
+
+            return count($advisories);
         }
+
         $io->writeError('<info>No security vulnerability advisories found</info>');
+
         return 0;
     }