pkg:Debian/composer

17 total CVEs: HIGH 16, MEDIUM 1

All known vulnerabilities

  • HIGH 8.8, CVE-2026-40261: Composer has a command injection via malicious perforce reference
    from 0
  • HIGH 8.8, CVE-2024-35241: Composer has a command injection via malicious git branch name
    from 0, < 2.0.9-2+deb11u3
  • HIGH 8.8, CVE-2024-35241: Composer has a command injection via malicious git branch name
    from 0, < 2.0.9-2+deb11u3
  • HIGH 8.8, CVE-2024-35241: Composer has a command injection via malicious git branch name
    from 0, < 1.8.4-1+deb10u4
  • HIGH 8.8, CVE-2024-35242: Composer has multiple command injections via malicious git/hg branch names
    from 0, < 2.0.9-2+deb11u3
  • HIGH 8.8, CVE-2024-24821: Code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php in Composer
    from 0, < 2.0.9-2+deb11u2
  • HIGH 8.8, CVE-2024-24821: Code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php in Composer
    from 0, < 2.0.9-2+deb11u2
  • HIGH 8.8, CVE-2023-43655: Remote Code Execution via web-accessible composer.phar
    from 0
  • HIGH 8.8, CVE-2023-43655: Remote Code Execution via web-accessible composer.phar
    from 0, < 1.8.4-1+deb10u3
  • HIGH 8.8, CVE-2015-8371: Composer allows cache poisoning from other projects built on the same host
    from 0, < 1.0.0~alpha11-3
  • HIGH 8.8, CVE-2021-29472: Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial
    from 0, < 1.2.2-1+deb9u1
  • HIGH 8.8, CVE-2021-29472: Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial
    from 0, < 2.0.9-2
  • HIGH 8.8, CVE-2021-29472: Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial
    from 0, < 1.8.4-1+deb10u1
  • HIGH 8.3, CVE-2022-24828: Missing input validation can lead to command execution in composer
    from 0, < 2.0.9-2+deb11u1
  • HIGH 7.8, CVE-2026-40176: Composer has a command injection via malicious perforce repository
    from 0
  • HIGH 7.5, CVE-2026-45793: Github Actions issued GITHUB_TOKEN disclosure in GitHub Actions logs
    from 0, < 0.9.1+dfsg-1
  • MEDIUM 4.3, CVE-2025-67746: Composer is vulnerable to ANSI sequence injection
    from 0