composer Latest High & Critical Vulnerabilities

Latest High & Critical vulnerabilities published by composer

JSON RSS CSV 🔔 Create Alert Trigger

15 April 2026

Command Injection Flaw in Composer Affects PHP Dependency Management
CVE-2026-40261
ComposerComposer8.8HIGH
Command Injection Vulnerability in Composer Dependency Manager by PHP
CVE-2026-40176
ComposerComposer7.8HIGH

10 June 2024

Specially crafted branch names in Git repositories can execute code
CVE-2024-35241
ComposerComposer📰8.8HIGH
Command Injection Vulnerability in Composer Affects PHP Projects
CVE-2024-35242
ComposerComposer👾🟡EPSS 23%📰8.8HIGH

9 February 2024

Arbitrary Code Execution Vulnerability in Composer Affects PHP Developers
CVE-2024-24821
ComposerComposer8.8HIGH

13 April 2022

Missing input validation can lead to command execution in composer
CVE-2022-24828
ComposerComposer8.3HIGH

5 October 2021

Command injection in composer on Windows
CVE-2021-41116
ComposerComposer8.2HIGH

27 April 2021

Missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial in composer
CVE-2021-29472
ComposerComposer8.8HIGH

15 March 2020

Remote Command Execution in Docker Compose Remote API by Snyk
CVE-2020-7606
Docker-compose-re...Docker-compose-remote-api9.8CRITICAL