Package impact
Packagist / composer/composer
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45793 | high | — | 8.0 | 18d ago | Github Actions issued GITHUB_TOKEN disclosure in GitHub Actions logs | |||
| CVE-2021-41116 | medium | — | 5.5 | 5y ago | Improper escaping of command arguments on Windows leading to command injection | |||
| CVE-2021-29472 | medium | — | 5.5 | 5y ago | Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial |