Getcomposer Composer
9 CVEs affecting Getcomposer Composer. Latest disclosed: 2026-04-15. Critical: 0, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-40261 | High | 8.8 | 2026-04-15 | Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCode… |
| CVE-2024-24821 | High | 8.8 | 2024-02-09 | Composer is a dependency manager for the PHP language. In affected versions several files within the local working directory are included during the invocation… |
| CVE-2015-8371 | High | 8.8 | 2023-09-21 | Composer before 2016-02-10 allows cache poisoning from other projects built on the same host. This results in attacker-controlled code entering a server-side b… |
| CVE-2021-29472 | High | 8.8 | 2021-04-27 | Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctl… |
| CVE-2022-24828 | High | 8.3 | 2022-04-13 | Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injectio… |
| CVE-2021-41116 | High | 8.2 | 2021-10-05 | Composer is an open source dependency manager for the PHP language. In affected versions Windows users running Composer to install untrusted dependencies are s… |
| CVE-2026-40176 | High | 7.8 | 2026-04-15 | Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generate… |
| CVE-2023-43655 | Medium | 6.4 | 2023-09-29 | Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php f… |
| CVE-2025-67746 | Medium | 4.3 | 2025-12-30 | Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads… |