27 matches found

Tenable Nessus
added 2026/05/25 12:0 a.m., 9 views

Fedora 43 : composer (2026-3e8172bbdb)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3e8172bbdb advisory. Version 2.9.8 - 2026-05-13. Security: Fixed GitHub token validation and disclosure (GHSA-f9f8-rm49-7jv2). Tenable has extracted the preceding description block...

5.8 AI score
Exploits: 0, References: 1

Tenable Nessus
added 2026/05/25 12:0 a.m., 12 views

Fedora 44 : composer (2026-bd05cb6c4d)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-bd05cb6c4d advisory. Version 2.9.8 - 2026-05-13. Security: Fixed GitHub token validation and disclosure (GHSA-f9f8-rm49-7jv2). Tenable has extracted the preceding description block...

5.8 AI score
Exploits: 0, References: 1

Wolfi
added 2026/04/24 1:50 p.m., 5 views

CVE-2026-40261 vulnerabilities

Vulnerabilities for packages: composer...

8.8 CVSS, 5.6 AI score, 0.0005 EPSS
Exploits: 2

Wolfi
added 2026/04/24 1:50 p.m., 6 views

GHSA-GQW4-4W2P-838Q vulnerabilities

Vulnerabilities for packages: composer...

5.2 AI score
Exploits: 0

Wolfi
added 2026/04/24 1:50 p.m., 8 views

GHSA-WG36-WVJ6-R67P vulnerabilities

Vulnerabilities for packages: composer...

5.2 AI score
Exploits: 0

Chainguard
added 2026/04/24 1:17 p.m., 3 views

GHSA-GQW4-4W2P-838Q vulnerabilities

Vulnerabilities for packages: composer...

5.2 AI score
Exploits: 0

Chainguard
added 2026/04/24 1:17 p.m., 8 views

GHSA-WG36-WVJ6-R67P vulnerabilities

Vulnerabilities for packages: composer...

5.2 AI score
Exploits: 0

Snyk
added 2026/04/14 8:3 p.m., 2 views

Command Injection

Overview: composer/composer is a dependency manager for PHP. Composer helps you declare, manage and install dependencies of PHP projects. It ensures you have the right stack everywhere. Affected versions of this package are vulnerable to Command Injection via the generateP4Command function. An...

8.5 CVSS, 6.3 AI score, 0.00023 EPSS
Exploits: 3, References: 2

Snyk
added 2026/04/14 8:1 p.m., 4 views

Command Injection

Overview: composer/composer is a dependency manager for PHP. Composer helps you declare, manage and install dependencies of PHP projects. It ensures you have the right stack everywhere. Affected versions of this package are vulnerable to Command Injection via the Perforce::syncCodeBase and...

8.8 CVSS, 6.3 AI score, 0.0005 EPSS
Exploits: 2, References: 2

OpenVAS
added 2026/01/14 12:0 a.m., 2 views

Fedora: Security Advisory (FEDORA-2026-13b4dbe546)

The remote host is missing an update for the...

5.3 CVSS, 5.2 AI score, 0.00018 EPSS
Exploits: 0, References: 3

OpenVAS
added 2026/01/14 12:0 a.m., 2 views

Fedora: Security Advisory (FEDORA-2026-0b03072979)

The remote host is missing an update for the...

5.3 CVSS, 5.2 AI score, 0.00018 EPSS
Exploits: 0, References: 3

OpenVAS
added 2025/06/30 12:0 a.m., 3 views

Ubuntu: Security Advisory (USN-7603-1)

The remote host is missing an update for the...

8.8 CVSS, 7.5 AI score, 0.23787 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2025/05/23 3:31 a.m., 6 views

CVE-2023-3964

An issue has been discovered in GitLab affecting all versions starting from 13.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for users to access composer packages on public projects that have package registry disable...

4.3 CVSS, 6.5 AI score, 0.00179 EPSS
Exploits: 0, References: 1

Amazon
added 2024/07/18 12:0 a.m., 5 views

Important: composer

Issue Overview: Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the status, reinstall and remove commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches fo...

8.8 CVSS, 7.1 AI score, 0.00442 EPSS
Exploits: 0

OpenVAS
added 2024/07/01 12:0 a.m., 14 views

Debian: Security Advisory (DSA-5715-1)

The remote host is missing an update for the Debian...

8.8 CVSS, 8.8 AI score, 0.23787 EPSS
Exploits: 0, References: 2

OSV
added 2024/06/15 12:0 a.m., 13 views

OPENSUSE-SU-2024:14040-1 php-composer2-2.7.7-1.1 on GA media

These are all security issues fixed in the php-composer2-2.7.7-1.1 package on the GA media of openSUSE Tumbleweed...

8.8 CVSS, 8.7 AI score, 0.23787 EPSS
Exploits: 0, References: 2

Wolfi
added 2024/06/10 10:15 p.m., 146 views

CVE-2024-35241 vulnerabilities

Vulnerabilities for packages: composer...

8.8 CVSS, 7.2 AI score, 0.00442 EPSS
Exploits: 0

Chainguard
added 2024/06/10 10:15 p.m., 5 views

CVE-2024-35242 vulnerabilities

Vulnerabilities for packages: composer...

8.8 CVSS, 6.8 AI score, 0.23787 EPSS
Exploits: 0

OSV
added 2024/04/28 12:30 a.m., 38 views

GHSA-3494-CFWF-56HW mdanter/ecc affected by timing vulnerability in cryptographic side-channels

phpecc, as used in all versions of mdanter/ecc, as well as paragonie/ecc before 2.0.1, has a branch-based timing leak in Point addition. This Composer package is also known as phpecc/phpecc on GitHub, previously known as the Matyas Danter ECC library. Paragon Initiative Enterprises hard-forked...

5.3 CVSS, 4.5 AI score, 0.00119 EPSS
Exploits: 0, References: 5

Github Security Blog
added 2024/04/28 12:30 a.m., 20 views

mdanter/ecc affected by timing vulnerability in cryptographic side-channels

phpecc, as used in all versions of mdanter/ecc, as well as paragonie/ecc before 2.0.1, has a branch-based timing leak in Point addition. This Composer package is also known as phpecc/phpecc on GitHub, previously known as the Matyas Danter ECC library. Paragon Initiative Enterprises hard-forked...

4.3 CVSS, 7.1 AI score, 0.00119 EPSS
Exploits: 0, References: 6, Affected Software: 2