If you have found any issues that might have security implications, please send a report privately to [email protected]
Do not report security reports publicly.
Security: composer/composer
Security
SECURITY.md
-
Multiple command injections via malicious git/hg branch namesGHSA-v9qv-c7wm-wgmf published
Jun 10, 2024 by SeldaekHigh -
Command injection via malicious git branch nameGHSA-47f6-5gq3-vx9c published
Jun 10, 2024 by SeldaekHigh -
Code execution and possible privilege escalation via compromised InstalledVersions.php or installed.phpGHSA-7c6p-848j-wh5h published
Feb 8, 2024 by SeldaekHigh -
Remote Code Execution via web-accessible composer.pharGHSA-jm6m-4632-36hf published
Sep 29, 2023 by SeldaekLow -
Missing input validation can lead to command execution via VcsDriver::getFileContent()GHSA-x7cr-6qr6-2hh6 published
Apr 13, 2022 by SeldaekModerate -
Improper escaping of command arguments on Windows leading to command injectionGHSA-frqg-7g38-6gcf published
Oct 5, 2021 by SeldaekModerate -
Missing argument delimiter can lead to command execution via VCS repository URLs or source download URLs on systems with MercurialGHSA-h5h8-pc6h-jvvx published
Apr 27, 2021 by SeldaekHigh
Learn more about advisories related to composer/composer in the GitHub Advisory Database