HIGH8.8CVE-2026-40261Composer has a command injection via malicious perforce reference from 0
HIGH8.8CVE-2024-35241Composer has a command injection via malicious git branch name from 0, < 2.0.9-2+deb11u3
HIGH8.8CVE-2024-35241Composer has a command injection via malicious git branch name from 0, < 2.0.9-2+deb11u3
HIGH8.8Composer has a command injection via malicious git branch name
from 0, < 1.8.4-1+deb10u4
HIGH8.8Composer has multiple command injections via malicious git/hg branch names
from 0, < 2.0.9-2+deb11u3
HIGH8.8Composer code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php
from 0, < 2.0.9-2+deb11u2
HIGH8.8Composer code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php
from 0, < 2.0.9-2+deb11u2
HIGH8.8Composer Remote Code Execution vulnerability via web-accessible composer.phar
from 0
HIGH8.8Composer Remote Code Execution vulnerability via web-accessible composer.phar
from 0, < 1.8.4-1+deb10u3
HIGH8.8Composer allows cache poisoning from other projects built on the same host
from 0, < 1.0.0~alpha11-3
HIGH8.8Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial
from 0, < 1.2.2-1+deb9u1
HIGH8.8Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial
from 0, < 2.0.9-2
HIGH8.8Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial
from 0, < 1.8.4-1+deb10u1
HIGH8.3Missing input validation can lead to command execution in composer
from 0, < 2.0.9-2+deb11u1
HIGH7.8Composer has a command injection via malicious perforce repository
from 0
HIGH7.5Github Actions issued GITHUB_TOKEN disclosure in GitHub Actions logs
from 0, < 0.9.1+dfsg-1
MEDIUM4.3Composer is vulnerable to ANSI sequence injection
from 0