Package impact
Packagist / composer/composer
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45793 | high | — | 8.0 | | | | 22d ago | GitHub Actions issued GITHUB_TOKEN disclosure in GitHub Actions logs |
| CVE-2021-41116 | medium | — | 5.5 | | | | 5y ago | Composer is an open source dependency manager for the PHP language. In affected versions Windows users running Composer to install untrusted dependencies are subject to command injection and should u… |
| CVE-2021-29472 | medium | — | 5.5 | | | | 5y ago | Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow… |