pkg:Packagist/composer/composer

12 CVEs in total: HIGH 11, MEDIUM 1

All known vulnerabilities

  • HIGH 8.8 CVE-2026-40261: Composer has Command Injection via Malicious Perforce Reference
    >= 2.3.0, < 2.9.6
  • HIGH 8.8 CVE-2024-35241: Composer vulnerable to command injection via malicious git branch name
    >= 2.0, < 2.2.24
  • HIGH 8.8 CVE-2024-35242: Composer vulnerable to command injection via malicious git/hg branch names
    >= 2.0, < 2.2.24
  • HIGH 8.8 CVE-2024-24821: Code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php in Composer
    >= 2.0.0-alpha1, < 2.2.23
  • HIGH 8.8 CVE-2023-43655: Remote Code Execution via web-accessible composer.phar
    from 0, < 1.10.27
  • HIGH 8.8 CVE-2015-8371: Composer allows cache poisoning from other projects built on the same host
    from 0, < 1.0.0
  • HIGH 8.8 CVE-2021-29472: Missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial in composer
    from 0, < 1.10.22
  • HIGH 8.3 CVE-2022-24828: Missing input validation can lead to command execution in composer
    from 0, < 1.10.26
  • HIGH 8.2 CVE-2021-41116: Command injection in composer on Windows
    from 0, < 1.10.23
  • HIGH 7.8 CVE-2026-40176: Composer is vulnerable to Command Injection via Malicious Perforce Repository
    >= 2.3.0, < 2.9.6
  • HIGH 7.5 CVE-2026-45793: GitHub Actions issued GITHUB_TOKEN disclosure in GitHub Actions logs
    >= 2.3.0, < 2.9.8
  • MEDIUM 4.3 CVE-2025-67746: Composer vulnerable to ANSI sequence injection
    >= 2.0.0, < 2.2.26