GHSA-M8XX-3X29-84H8 backpack/crud is vulnerable to Cross-Site Scripting (XSS)

Impact It’s a “moderate” vulnerability… but being an admin panel, we take this seriously. It’s difficult… but an attacker could conduct a targeted phishing campaign, in order to trick your users or admins to click a malicious link, which under very specific circumstances could give them...

backpack/crud is vulnerable to Cross-Site Scripting (XSS)

Impact It’s a “moderate” vulnerability… but being an admin panel, take this seriously. It’s difficult… but an attacker could conduct a targeted phishing campaign, in order to trick your users or admins to click a malicious link, which under very specific circumstances could give them information...

PT-2026-46102

Impact It’s a “moderate” vulnerability… but being an admin panel, we take this seriously. It’s difficult… but an attacker could conduct a targeted phishing campaign, in order to trick your users or admins to click a malicious link, which under very specific circumstances could give them...

Fedora 44 : pie (2026-3d8d946f69)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3d8d946f69 advisory. Version 1.4.4 Dependencies - Update Composer to 2.9.8 ---- Version 1.4.3 - add output check for dnf permission denied thanks to @asgrim and @hackel - don't...

Fedora 43 : pie (2026-b7427db462)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-b7427db462 advisory. Version 1.4.4 Dependencies - Update Composer to 2.9.8 ---- Version 1.4.3 - add output check for dnf permission denied thanks to @asgrim and @hackel - don't...

[SECURITY] Fedora 44 Update: composer-2.9.8-1.fc44

Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere. Documentation: https://getcomposer.org/doc/...

Important: Red Hat Security Advisory: osbuild-composer security update

An update for osbuild-composer is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Fedora 42 : pie (2026-3b2063832d)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3b2063832d advisory. Version 1.4.1 - Update bundled Composer to 2.9.7 ---- Version 1.4.0 New features! - Prompt to install missing system dependencies - Prompt to install build...

[SECURITY] Fedora 43 Update: composer-2.9.7-1.fc43

Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere. Documentation: https://getcomposer.org/doc/...

PT-2026-32622

Name of the Vulnerable Software and Affected Versions Composer versions 1.0 through 2.2.26 Composer versions 2.3 through 2.9.5 Description Command injection is possible in the PHP dependency manager Composer. The Perforce::syncCodeBase function appends the $sourceReference parameter to a shell...

PT-2026-32621

Name of the Vulnerable Software and Affected Versions Composer versions 1.0 through 2.2.26 Composer versions 2.3 through 2.9.5 Description A command injection issue exists in the Perforce VCS driver of Composer, a dependency manager for PHP. The Perforce::generateP4Command function constructs she...

[SECURITY] Fedora 42 Update: composer-2.9.3-1.fc42

Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere. Documentation: https://getcomposer.org/doc/...

Moderate: Red Hat Security Advisory: osbuild-composer security update

An update for osbuild-composer is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

ALSA-2025:9634 Moderate: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes: net/http:...

Important: Red Hat Security Advisory: osbuild-composer security update

An update for osbuild-composer is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...

Important: Red Hat Security Advisory: osbuild-composer security update

An update for osbuild-composer is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...

osbuild-composer security update

An update is available for osbuild-composer. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list A service for building customized OS artifacts, such as VM images an...

GHSA-8237-957H-H2C2 FileManager Deserialization of Untrusted Data vulnerability

Impact Deserialization of untrusted data from the mimes parameter could lead to remote code execution. Patches Fixed in 3.0.9 Workarounds Not needed, a composer update will solve it in a non-breaking way. References Reported responsibly Vladislav Gladkiy at Positive Technologies...

[SECURITY] [DSA 5715-2] composer regression update

------------------------------------------------------------------------- Debian Security Advisory DSA-5715-2 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 24, 2024 https://www.debian.org/security/faq -...

DSA-5715-2 composer - regression update

Bulletin has no description...