35 matches found
Nette Framework - Remote Code Execution
Nette Framework versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, and 3.0.6 are vulnerable to a code injection attack via specially formed parameters being passed to a URL. Nette is a PHP/Composer MVC Framework. id: CVE-2020-15227 info: name: Nette Framework - Remote Code Execution author:...
Security update for php-composer2
This update for php-composer2 fixes the following issues: CVE-2026-40176: command injection via malicious Perforce repository definition bsc1262254. CVE-2026-40261: command injection via malicious Perforce source reference/url bsc1262255. Changes for php-composer2: version update to 2.2.27 align...
SUSE-SU-2026:1784-1 Security update for php-composer2
This update for php-composer2 fixes the following issues: - CVE-2026-40176: arbitrary command injection via malicious Perforce repository definition bsc1262254. - CVE-2026-40261: arbitrary command injection via malicious Perforce source reference/url bsc1262255...
OPENSUSE-SU-2026:10643-1 php-composer2-2.9.7-1.1 on GA media
These are all security issues fixed in the php-composer2-2.9.7-1.1 package on the GA media of openSUSE Tumbleweed...
PHP Composer -- Multiple vulnerabilities
Composer project reports: Fixed command injection via malicious Perforce reference GHSA-gqw4-4w2p-838q / CVE-2026-40261 Fixed command injection via malicious Perforce repository definition GHSA-wg36-wvj6-r67p / CVE-2026-40176...
Security update for php-composer2
This update for php-composer2 fixes the following issues: CVE-2025-67746: Fixed ANSI control characters injection in the terminal output of various Composer commands via attacker controlled remote sources. bsc1255768 Patch Instructions: To install this SUSE update use the SUSE recommended...
SUSE SLES15 / openSUSE 15 Security Update : php-composer2 (SUSE-SU-2026:0825-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0825-1 advisory. CVE-2025-67746: Fixed ANSI control characters injection in the terminal output of various Composer commands via attacker...
SUSE-SU-2026:0825-1 Security update for php-composer2
This update for php-composer2 fixes the following issues: CVE-2025-67746: Fixed ANSI control characters injection in the terminal output of various Composer commands via attacker controlled remote sources. bsc1255768...
OPENSUSE-SU-2026:10054-1 php-composer2-2.9.3-1.1 on GA media
These are all security issues fixed in the php-composer2-2.9.3-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2024-47049
The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 used with PHP Composer does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of local files...
czim/file-handling vulnerable to SSRF and directory traversal
The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 used with PHP Composer does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of local files...
GHSA-6RGH-R6J3-3223 czim/file-handling vulnerable to SSRF and directory traversal
The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 used with PHP Composer does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of local files...
CVE-2024-47049
CVE-2024-47049 affects czim/file-handling <1.5.0 and 2.x
ROS-20240626-10
A vulnerability in the getUnpushedChanges function of the Composer dependency manager for PHP is related to the use of the status, reinstall and remove commands. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary command...
OPENSUSE-SU-2024:14040-1 php-composer2-2.7.7-1.1 on GA media
These are all security issues fixed in the php-composer2-2.7.7-1.1 package on the GA media of openSUSE Tumbleweed...