Lucene search
K

5 matches found

EUVD
EUVD
added 8 hours ago4 views

EUVD-2026-43092

vulnerability in Drupal Composer allows . This issue affects Composer versions:...

6.1AI score
Exploits0References2
CVE
CVE
added yesterday13 views

CVE-2026-11914

Technical details are not publicly available in the provided documents; no affected versions, vectors, or fixes are described. Monitor for updates from Drupal SA-CONTRIB-2026-046 and related advisories.

6.1AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/20 3:32 p.m.12 views

Setup PHP: GitHub tokens configured by setup-php may be exposed through pinned affected Composer versions

Impact This affects only workflows that pin an exact affected Composer semver version through setup-php, for example tools: composer:2.9.7. Workflows using the default Composer version, composer:v2, or no pinned Composer version are not affected through setup-php, because those Composer URLs have...

5.7AI score
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/24 8:18 p.m.7 views

CVE-2024-45965

Contao before 5.5.6 allows XSS via an SVG document. This affects in contao/core-bundle in Composer 4.x before 4.13.54, 5.0.x through 5.3.x before 5.3.30, and 5.4.x and 5.5..x before 5.5.6...

6.4CVSS6AI score0.00318EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/06/10 12:0 a.m.4 views

PT-2024-4387

Name of the Vulnerable Software and Affected Versions Composer versions prior to 2.2.24 and 2.7.7 Description The issue is related to the composer install command running inside a git/hg repository with specially crafted branch names, which can lead to command injection. This requires cloning...

10CVSS7AI score0.03255EPSS
Exploits0References48
Rows per page
Query Builder