composer/composer Security Advisories for 2.8.3 (3)
-
[HIGH] Command injection via malicious Perforce repository definition
PKSA-6bp1-9hfj-2cgv CVE-2026-40176 GHSA-wg36-wvj6-r67p
Affected version: >=2.3,<2.9.6|>=1.0,<2.2.27
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] Command injection via malicious Perforce source reference/url
PKSA-t5r2-p5q9-mtpn CVE-2026-40261 GHSA-gqw4-4w2p-838q
Affected version: >=2.3,<2.9.6|>=1.0,<2.2.27
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[LOW] Composer is vulnerable to ANSI sequence injection
PKSA-1gck-s111-yq7g CVE-2025-67746 GHSA-59pp-r3rg-353g
Affected version: >=2.3.0,<2.9.3|>=2.0.0,<2.2.26
Reported by:
GitHub