Lucene search
+L

6 matches found

NVD
NVD
added 2 days ago3 views

CVE-2026-45793

Composer is a dependency Manager for the PHP language. Prior to 1.10.28, 2.2.28, and 2.9.8, Composer\IO\BaseIO::loadConfiguration validates GitHub OAuth tokens with the regex ^.A-Za-z0-9+$ and interpolates rejected tokens into an UnexpectedValueException; GitHub Actions GITHUBTOKEN values using t...

7.5CVSS0.00519EPSS
Exploits0References9
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-43092

vulnerability in Drupal Composer allows . This issue affects Composer versions:...

6.1AI score0.00217EPSS
Exploits0References2
CVE
CVE
added last week14 views

CVE-2026-11914

Technical details (affected versions, root cause, impact, and available fixes) for CVE-2026-11914 are not publicly provided in the given documents. Monitor for updates from Drupal SA-CONTRIB-2026-046 and related advisories for concrete info.

5.9CVSS6.1AI score0.00217EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/20 3:32 p.m.14 views

Setup PHP: GitHub tokens configured by setup-php may be exposed through pinned affected Composer versions

Impact This affects only workflows that pin an exact affected Composer semver version through setup-php, for example tools: composer:2.9.7. Workflows using the default Composer version, composer:v2, or no pinned Composer version are not affected through setup-php, because those Composer URLs have...

5.7AI score
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/24 8:18 p.m.8 views

CVE-2024-45965

Contao before 5.5.6 allows XSS via an SVG document. This affects in contao/core-bundle in Composer 4.x before 4.13.54, 5.0.x through 5.3.x before 5.3.30, and 5.4.x and 5.5..x before 5.5.6...

6.4CVSS6AI score0.00318EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/06/10 12:0 a.m.4 views

PT-2024-4387

Name of the Vulnerable Software and Affected Versions Composer versions prior to 2.2.24 and 2.7.7 Description The issue is related to the composer install command running inside a git/hg repository with specially crafted branch names, which can lead to command injection. This requires cloning...

10CVSS7AI score0.03282EPSS
Exploits0References48
Rows per page
Query Builder