HIGH8.8CVE-2026-40261Composer has Command Injection via Malicious Perforce Reference from 0
HIGH8.8CVE-2024-35241Composer vulnerable to command injection via malicious git branch name from 0, < 2.0.9-2+deb11u3
HIGH8.8CVE-2024-35241Composer vulnerable to command injection via malicious git branch name from 0, < 2.0.9-2+deb11u3
HIGH8.8Composer vulnerable to command injection via malicious git branch name
from 0, < 1.8.4-1+deb10u4
HIGH8.8Composer vulnerable to command injection via malicious git/hg branch names
from 0, < 2.0.9-2+deb11u3
HIGH8.8Code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php in Composer
from 0, < 2.0.9-2+deb11u2
HIGH8.8Code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php in Composer
from 0, < 2.0.9-2+deb11u2
HIGH8.8Remote Code Execution via web-accessible composer.phar
from 0
HIGH8.8Remote Code Execution via web-accessible composer.phar
from 0, < 1.8.4-1+deb10u3
HIGH8.8Composer allows cache poisoning from other projects built on the same host
from 0, < 1.0.0~alpha11-3
HIGH8.8Missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial in composer
from 0, < 1.2.2-1+deb9u1
HIGH8.8Missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial in composer
from 0, < 2.0.9-2
HIGH8.8Missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial in composer
from 0, < 1.8.4-1+deb10u1
HIGH8.3Missing input validation can lead to command execution in composer
from 0, < 2.0.9-2+deb11u1
HIGH7.8Composer is vulnerable to Command Injection via Malicious Perforce Repository
from 0
HIGH7.5Github Actions issued GITHUB_TOKEN disclosure in GitHub Actions logs
from 0, < 0.9.1+dfsg-1
MEDIUM4.3Composer vulnerable to ANSI sequence injection
from 0