If you have found any issues that might have security implications, please send a report privately to security@packagist.org
Do not report security reports publicly.
Security: composer/composer
Security
SECURITY.md
-
Code execution and possible privilege escalation via compromised InstalledVersions.php or installed.phpGHSA-7c6p-848j-wh5h published
Feb 8, 2024 by SeldaekHigh -
Remote Code Execution via web-accessible composer.pharGHSA-jm6m-4632-36hf published
Sep 29, 2023 by SeldaekLow -
Missing input validation can lead to command execution via VcsDriver::getFileContent()GHSA-x7cr-6qr6-2hh6 published
Apr 13, 2022 by SeldaekModerate -
Improper escaping of command arguments on Windows leading to command injectionGHSA-frqg-7g38-6gcf published
Oct 5, 2021 by SeldaekModerate -
Missing argument delimiter can lead to command execution via VCS repository URLs or source download URLs on systems with MercurialGHSA-h5h8-pc6h-jvvx published
Apr 27, 2021 by SeldaekHigh
Learn more about advisories related to composer/composer in the GitHub Advisory Database