2119 matches found
[SECURITY] Fedora 43 Update: composer-2.10.1-1.fc43
Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere. Documentation: https://getcomposer.org/doc/...
[SECURITY] Fedora 44 Update: composer-2.10.1-1.fc44
Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere. Documentation: https://getcomposer.org/doc/...
Fedora 44 : composer (2026-9b34a78e81)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-9b34a78e81 advisory. Version 2.10.1 - 2026-06-04 Security: Fixed shell escaping when opening an editor 12903 Security: Verify backup phar signature before restoring it when using...
Fedora 43 : composer (2026-4308b5fc39)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-4308b5fc39 advisory. Version 2.10.1 - 2026-06-04 Security: Fixed shell escaping when opening an editor 12903 Security: Verify backup phar signature before restoring it when using...
RLSA-2026:22714 Important: osbuild-composer security update
A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes: golang:...
osbuild-composer security update
An update is available for osbuild-composer. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list A service for building customized OS artifacts, such as VM images an...
DRUPAL-CONTRIB-2026-046
The security team is marking the Composer module for Drupal project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read:...
PT-2026-48594
Name of the Vulnerable Software and Affected Versions Drupal Composer affected versions not specified Description A security issue exists in the Drupal Composer project. This project is a Drupal system component that utilizes Composer and is distinct from the Composer software itself...
Composer - Critical - Unsupported - SA-CONTRIB-2026-046
The security team is marking the Composer module for Drupal project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read:...
Medium: composer
Issue Overview: Github Actions issued GITHUBTOKEN disclosure in GitHub Actions logs CVE-2026-45793 Affected Packages: composer Issue Correction: Run dnf update composer --releasever 2023.12.20260608 or dnf update --advisory ALAS2023-2026-1800 --releasever 2023.12.20260608 to update your system...
Amazon Linux 2023 : composer (ALAS2023-2026-1800)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1800 advisory. Github Actions issued GITHUBTOKEN disclosure in GitHub Actions logs CVE-2026-45793 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that...
RHEL 9 : osbuild-composer (RHSA-2026:22733)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:22733 advisory. A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for...
RHEL 10 : osbuild-composer (RHSA-2026:22450)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22450 advisory. A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building...
RHEL 9 : osbuild-composer (RHSA-2026:22709)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22709 advisory. A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building...
RHEL 9 : osbuild-composer (RHSA-2026:22714)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22714 advisory. A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building...
CVE-2026-34216
CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the admin settings update endpoint accepted a fully qualified class name directly from user-supplied request input and used it for dynamic static method calls and object instantiation without any allowli...
CVE-2026-8134
Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field when saving page type composer form layouts. An authenticated rogue administrator with composer form editing rights can exploit this to include arbitrary readable file...
RLSA-2026:22450 Important: osbuild-composer security update
A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes: golang:...
osbuild-composer security update
An update is available for osbuild-composer. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list A service for building customized OS artifacts, such as VM images a...
WordPress Hybrid Composer plugin <= 1.4.6 Unauthenticated Settings Change vulnerability
WordPress Hybrid Composer plugin = 1.4.6 Unauthenticated Settings Change vulnerability discovered by ? in WordPress Plugin Hybrid Composer versions = 1.4.6...