| CVE-2026-45793 |
high |
— |
8.0 |
|
|
|
17d ago |
Github Actions issued GITHUB_TOKEN disclosure in GitHub Actions logs |
| CVE-2021-41116 |
medium |
— |
5.5 |
|
|
|
5y ago |
Improper escaping of command arguments on Windows leading to command injection |
| CVE-2021-29472 |
medium |
— |
5.5 |
|
|
|
5y ago |
Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial |
| CVE-2026-40176 |
unknown |
— |
— |
|
|
|
2mo ago |
Composer has a command injection via malicious perforce repository |
| CVE-2026-40261 |
unknown |
— |
— |
|
|
|
2mo ago |
Composer has a command injection via malicious perforce reference |
| CVE-2025-67746 |
unknown |
— |
— |
|
|
|
5mo ago |
Composer is vulnerable to ANSI sequence injection |
| CVE-2024-35241 |
unknown |
— |
— |
|
|
|
2y ago |
Composer has a command injection via malicious git branch name |
| CVE-2024-35242 |
unknown |
— |
— |
|
|
|
2y ago |
Composer has multiple command injections via malicious git/hg branch names |
| CVE-2024-24821 |
unknown |
— |
— |
|
|
|
2y ago |
Composer code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php |
| CVE-2023-43655 |
unknown |
— |
— |
|
|
|
3y ago |
Composer Remote Code Execution vulnerability via web-accessible composer.phar |
| CVE-2015-8371 |
unknown |
— |
— |
|
|
|
3y ago |
Composer allows cache poisoning from other projects built on the same host |
| CVE-2022-24828 |
unknown |
— |
— |
|
|
|
4y ago |
Missing input validation can lead to command execution in composer |