Search CVE reports


Toggle filters

1 – 10 of 15 results


CVE-2026-59948

Medium priority
Needs evaluation

(Composer is a dependency Manager for the PHP language. Prior to 2.2.29 ...)

1 affected package

composer

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
composer Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-59947

Medium priority
Needs evaluation

(Composer is a dependency Manager for the PHP language. Prior to 2.2.29 ...)

1 affected package

composer

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
composer Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-59946

Medium priority
Needs evaluation

(Composer is a dependency Manager for the PHP language. Prior to 2.2.29 ...)

1 affected package

composer

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
composer Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-45793

Medium priority
Needs evaluation

[Github Actions issued GITHUB_TOKEN disclosure in GitHub Actions logs]

1 affected package

composer

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
composer Not affected Not affected Not affected Needs evaluation Needs evaluation
Show less packages

CVE-2026-40261

Medium priority
Needs evaluation

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase() method, which appends the $sourceReference parameter to a shell...

1 affected package

composer

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
composer Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-40176

Medium priority
Needs evaluation

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command() method, which constructs shell commands by interpolating...

1 affected package

composer

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
composer Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2025-67746

Medium priority
Needs evaluation

Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal...

1 affected package

composer

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
composer Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-35242

Medium priority
Fixed

Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch names can lead to command...

1 affected package

composer

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
composer Not affected Fixed Fixed Fixed Fixed
Show less packages

CVE-2024-35241

Medium priority
Fixed

Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `status`, `reinstall` and `remove` commands with packages installed from source via git containing specially crafted branch names...

1 affected package

composer

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
composer Not affected Fixed Fixed Fixed Fixed
Show less packages

CVE-2024-24821

Medium priority

Some fixes available 1 of 2

Composer is a dependency Manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under...

1 affected package

composer

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
composer Not affected Not affected Fixed Not affected Not affected
Show less packages