| CVE-2026-45793 | high | — | 8.0 | | | | 22d ago | GitHub Actions issued GITHUB_TOKEN disclosure in GitHub Actions logs |
| CVE-2026-40176 | unknown | — | — | | | | 2mo ago | Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command() method, which constructs she… |
| CVE-2026-40261 | unknown | — | — | | | | 2mo ago | Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase() method, which appends the $source… |
| CVE-2025-67746 | unknown | — | — | | | | 5mo ago | Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI cont… |
| CVE-2024-35241 | unknown | — | — | | | | 2y ago | Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `status`, `reinstall` and `remove` commands with packages installed from source via git containing … |
| CVE-2024-35242 | unknown | — | — | | | | 2y ago | Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch na… |
| CVE-2024-24821 | unknown | — | — | | | | 2y ago | Composer is a dependency manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the e… |
| CVE-2023-43655 | unknown | — | — | | | | 3y ago | Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code exec… |
| CVE-2015-8371 | unknown | — | — | | | | 3y ago | Composer before 2016-02-10 allows cache poisoning from other projects built on the same host. This results in attacker-controlled code entering a server-side build process. The issue occurs because o… |
| CVE-2022-24828 | unknown | — | — | | | | 4y ago | Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control … |