composer/composer Security Advisories for 1.10.26 (3)
- [HIGH] Command injection via malicious Perforce repository definition
  PKSA-6bp1-9hfj-2cgv CVE-2026-40176 GHSA-wg36-wvj6-r67p
  Affected version: >=2.3,<2.9.6|>=1.0,<2.2.27
  Reported by: FriendsOfPHP/security-advisories, GitHub
- [HIGH] Command injection via malicious Perforce source reference/url
  PKSA-t5r2-p5q9-mtpn CVE-2026-40261 GHSA-gqw4-4w2p-838q
  Affected version: >=2.3,<2.9.6|>=1.0,<2.2.27
  Reported by: FriendsOfPHP/security-advisories, GitHub
- [HIGH] Composer Remote Code Execution vulnerability via web-accessible composer.phar
  PKSA-m1ph-vmbx-2xd3 CVE-2023-43655 GHSA-jm6m-4632-36hf
  Affected version: >=2.3.0,<2.6.4|>=2.0.0,<2.2.22|<1.10.27
  Reported by: GitHub