Lookup for vulnerable packages by Package URL.

Purl pkg:composer/composer/composer@2.2.14
Type composer
Namespace composer
Name composer
Version 2.2.14
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.2.27
Latest_non_vulnerable_version 2.9.8
Affected_by_vulnerabilities
0
url VCID-1cgx-psut-e3hh
vulnerability_id VCID-1cgx-psut-e3hh
summary
Composer is vulnerable to ANSI sequence injection
Attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of various Composer commands, causing mangled output and potentially leading to confusion or DoS of the terminal application.

There is no proven exploit, so the severity is low, but Composer still published a CVE because the issue has potential for abuse, and Composer wants to be on the safe side by informing users that they should upgrade.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67746.json
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67746.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-67746
reference_id
reference_type
scores
0
value 0.00018
scoring_system epss
scoring_elements 0.05166
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-67746
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/composer/composer
reference_id
reference_type
scores
0
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/composer/composer
4
reference_url https://github.com/composer/composer/commit/1d40a95c9d39a6b7f80d404ab30336c586da9917
reference_id
reference_type
scores
0
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-30T17:17:14Z/
url https://github.com/composer/composer/commit/1d40a95c9d39a6b7f80d404ab30336c586da9917
5
reference_url https://github.com/composer/composer/commit/5db1876a76fdef76d3c4f8a27995c434c7a43e71
reference_id
reference_type
scores
0
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-30T17:17:14Z/
url https://github.com/composer/composer/commit/5db1876a76fdef76d3c4f8a27995c434c7a43e71
6
reference_url https://github.com/composer/composer/releases/tag/2.2.26
reference_id
reference_type
scores
0
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-30T17:17:14Z/
url https://github.com/composer/composer/releases/tag/2.2.26
7
reference_url https://github.com/composer/composer/releases/tag/2.9.3
reference_id
reference_type
scores
0
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-30T17:17:14Z/
url https://github.com/composer/composer/releases/tag/2.9.3
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2426283
reference_id 2426283
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2426283
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-67746
reference_id CVE-2025-67746
reference_type
scores
0
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-67746
10
reference_url https://github.com/advisories/GHSA-59pp-r3rg-353g
reference_id GHSA-59pp-r3rg-353g
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-59pp-r3rg-353g
11
reference_url https://github.com/composer/composer/security/advisories/GHSA-59pp-r3rg-353g
reference_id GHSA-59pp-r3rg-353g
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U
2
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-30T17:17:14Z/
url https://github.com/composer/composer/security/advisories/GHSA-59pp-r3rg-353g
12
reference_url https://access.redhat.com/errata/RHSA-2026:8165
reference_id RHSA-2026:8165
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8165
fixed_packages
0
url pkg:composer/composer/composer@2.2.26
purl pkg:composer/composer/composer@2.2.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8pap-8xmr-m3ha
1
vulnerability VCID-kpnb-b563-1yft
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/composer/composer@2.2.26
1
url pkg:composer/composer/composer@2.3.0-RC1
purl pkg:composer/composer/composer@2.3.0-RC1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/composer/composer@2.3.0-RC1
2
url pkg:composer/composer/composer@2.9.3
purl pkg:composer/composer/composer@2.9.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8pap-8xmr-m3ha
1
vulnerability VCID-kpnb-b563-1yft
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/composer/composer@2.9.3
aliases CVE-2025-67746, GHSA-59pp-r3rg-353g
risk_score 1.6
exploitability 0.5
weighted_severity 3.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1cgx-psut-e3hh
1
url VCID-4pb1-p6st-4kg4
vulnerability_id VCID-4pb1-p6st-4kg4
summary
Inclusion of Functionality from Untrusted Control Sphere
Composer is a dependency manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local privilege escalation, provide lateral user movement or malicious code execution when Composer is invoked within a directory with tampered files. All Composer CLI commands are affected, including composer.phar's self-update. The following scenarios are of high risk: Composer being run with sudo, pipelines which may execute Composer on untrusted projects, and shared environments with developers who run Composer individually on the same project. This vulnerability has been addressed in versions 2.7.0 and 2.2.23. It is advised that the patched versions are applied at the earliest convenience. Where not possible, the following should be addressed: remove all sudo composer privileges for all users to mitigate root privilege escalation, and avoid running Composer within an untrusted directory, or if needed, verify that the contents of `vendor/composer/InstalledVersions.php` and `vendor/composer/installed.php` do not include untrusted code. A reset can also be done on these files by the following:
```sh
rm vendor/composer/installed.php vendor/composer/InstalledVersions.php
composer install --no-scripts --no-plugins
```
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-24821
reference_id
reference_type
scores
0
value 0.00132
scoring_system epss
scoring_elements 0.32423
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-24821
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/composer/composer
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/composer/composer
3
reference_url https://github.com/composer/composer/commit/64e4eb356b159a30c766cd1ea83450a38dc23bf5
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-11T18:11:46Z/
url https://github.com/composer/composer/commit/64e4eb356b159a30c766cd1ea83450a38dc23bf5
4
reference_url https://github.com/composer/composer/commit/77e3982918bc1d886843dc3d5e575e7e871b27b7
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/composer/composer/commit/77e3982918bc1d886843dc3d5e575e7e871b27b7
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063603
reference_id 1063603
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063603
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-24821
reference_id CVE-2024-24821
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-24821
7
reference_url https://github.com/advisories/GHSA-7c6p-848j-wh5h
reference_id GHSA-7c6p-848j-wh5h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7c6p-848j-wh5h
8
reference_url https://github.com/composer/composer/security/advisories/GHSA-7c6p-848j-wh5h
reference_id GHSA-7c6p-848j-wh5h
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-11T18:11:46Z/
url https://github.com/composer/composer/security/advisories/GHSA-7c6p-848j-wh5h
9
reference_url https://usn.ubuntu.com/7603-1/
reference_id USN-7603-1
reference_type
scores
url https://usn.ubuntu.com/7603-1/
fixed_packages
0
url pkg:composer/composer/composer@2.2.23
purl pkg:composer/composer/composer@2.2.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cgx-psut-e3hh
1
vulnerability VCID-8pap-8xmr-m3ha
2
vulnerability VCID-kpnb-b563-1yft
3
vulnerability VCID-vy1p-sn17-uybt
4
vulnerability VCID-ww6j-dye5-7uac
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/composer/composer@2.2.23
1
url pkg:composer/composer/composer@2.3.0-RC1
purl pkg:composer/composer/composer@2.3.0-RC1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/composer/composer@2.3.0-RC1
2
url pkg:composer/composer/composer@2.7.0
purl pkg:composer/composer/composer@2.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cgx-psut-e3hh
1
vulnerability VCID-8pap-8xmr-m3ha
2
vulnerability VCID-kpnb-b563-1yft
3
vulnerability VCID-vy1p-sn17-uybt
4
vulnerability VCID-ww6j-dye5-7uac
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/composer/composer@2.7.0
aliases CVE-2024-24821, GHSA-7c6p-848j-wh5h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4pb1-p6st-4kg4
2
url VCID-8pap-8xmr-m3ha
vulnerability_id VCID-8pap-8xmr-m3ha
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40176.json
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40176.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-40176
reference_id
reference_type
scores
0
value 0.00023
scoring_system epss
scoring_elements 0.06958
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-40176
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/composer/composer
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/composer/composer
4
reference_url https://github.com/composer/composer/releases/tag/2.9.6
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-16T14:16:01Z/
url https://github.com/composer/composer/releases/tag/2.9.6
5
reference_url https://github.com/composer/composer/security/advisories/GHSA-wg36-wvj6-r67p
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-16T14:16:01Z/
url https://github.com/composer/composer/security/advisories/GHSA-wg36-wvj6-r67p
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/composer/composer/CVE-2026-40176.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/composer/composer/CVE-2026-40176.yaml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-40176
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-40176
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2458828
reference_id 2458828
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2458828
9
reference_url https://github.com/advisories/GHSA-wg36-wvj6-r67p
reference_id GHSA-wg36-wvj6-r67p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wg36-wvj6-r67p
10
reference_url https://access.redhat.com/errata/RHSA-2026:8165
reference_id RHSA-2026:8165
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8165
fixed_packages
0
url pkg:composer/composer/composer@2.10.0-RC1
purl pkg:composer/composer/composer@2.10.0-RC1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/composer/composer@2.10.0-RC1
1
url pkg:composer/composer/composer@2.2.27
purl pkg:composer/composer/composer@2.2.27
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/composer/composer@2.2.27
2
url pkg:composer/composer/composer@2.3.0-RC1
purl pkg:composer/composer/composer@2.3.0-RC1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/composer/composer@2.3.0-RC1
3
url pkg:composer/composer/composer@2.9.6
purl pkg:composer/composer/composer@2.9.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/composer/composer@2.9.6
aliases CVE-2026-40176, GHSA-wg36-wvj6-r67p
risk_score 3.5
exploitability 0.5
weighted_severity 7.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8pap-8xmr-m3ha
3
url VCID-fzya-vz4m-5yhu
vulnerability_id VCID-fzya-vz4m-5yhu
summary
Composer Remote Code Execution vulnerability via web-accessible composer.phar
Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be impacted if PHP also has `register_argc_argv` enabled in php.ini.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-43655
reference_id
reference_type
scores
0
value 0.01575
scoring_system epss
scoring_elements 0.81859
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-43655
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/composer/composer
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/composer/composer
3
reference_url https://github.com/composer/composer/commit/4fce14795aba98e40b6c4f5047305aba17a6120d
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-23T16:22:54Z/
url https://github.com/composer/composer/commit/4fce14795aba98e40b6c4f5047305aba17a6120d
4
reference_url https://github.com/composer/composer/commit/955a48e6319c8962e5cd421b07c00ab3c728968c
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-23T16:22:54Z/
url https://github.com/composer/composer/commit/955a48e6319c8962e5cd421b07c00ab3c728968c
5
reference_url https://github.com/composer/composer/commit/95e091c921037b7b6564942845e7b738f6b95c9c
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-23T16:22:54Z/
url https://github.com/composer/composer/commit/95e091c921037b7b6564942845e7b738f6b95c9c
6
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00030.html
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-23T16:22:54Z/
url https://lists.debian.org/debian-lts-announce/2024/03/msg00030.html
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66H2WKFUO255T3BZTL72TNYJYH2XM5FG
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66H2WKFUO255T3BZTL72TNYJYH2XM5FG
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7AWYAUZNH565NWPIKGEIYBWHYNM5JGAE
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7AWYAUZNH565NWPIKGEIYBWHYNM5JGAE
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFOPGPW2KS37O3KJWBRGTUWHTXCQXBS2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFOPGPW2KS37O3KJWBRGTUWHTXCQXBS2
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66H2WKFUO255T3BZTL72TNYJYH2XM5FG/
reference_id 66H2WKFUO255T3BZTL72TNYJYH2XM5FG
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-23T16:22:54Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66H2WKFUO255T3BZTL72TNYJYH2XM5FG/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7AWYAUZNH565NWPIKGEIYBWHYNM5JGAE/
reference_id 7AWYAUZNH565NWPIKGEIYBWHYNM5JGAE
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-23T16:22:54Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7AWYAUZNH565NWPIKGEIYBWHYNM5JGAE/
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-43655
reference_id CVE-2023-43655
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-43655
13
reference_url https://github.com/advisories/GHSA-jm6m-4632-36hf
reference_id GHSA-jm6m-4632-36hf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jm6m-4632-36hf
14
reference_url https://github.com/composer/composer/security/advisories/GHSA-jm6m-4632-36hf
reference_id GHSA-jm6m-4632-36hf
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-23T16:22:54Z/
url https://github.com/composer/composer/security/advisories/GHSA-jm6m-4632-36hf
15
reference_url https://security.gentoo.org/glsa/202508-06
reference_id GLSA-202508-06
reference_type
scores
url https://security.gentoo.org/glsa/202508-06
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFOPGPW2KS37O3KJWBRGTUWHTXCQXBS2/
reference_id KFOPGPW2KS37O3KJWBRGTUWHTXCQXBS2
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-23T16:22:54Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFOPGPW2KS37O3KJWBRGTUWHTXCQXBS2/
17
reference_url https://usn.ubuntu.com/7603-1/
reference_id USN-7603-1
reference_type
scores
url https://usn.ubuntu.com/7603-1/
fixed_packages
0
url pkg:composer/composer/composer@2.2.22
purl pkg:composer/composer/composer@2.2.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cgx-psut-e3hh
1
vulnerability VCID-4pb1-p6st-4kg4
2
vulnerability VCID-8pap-8xmr-m3ha
3
vulnerability VCID-kpnb-b563-1yft
4
vulnerability VCID-vy1p-sn17-uybt
5
vulnerability VCID-ww6j-dye5-7uac
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/composer/composer@2.2.22
1
url pkg:composer/composer/composer@2.3.0-RC1
purl pkg:composer/composer/composer@2.3.0-RC1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/composer/composer@2.3.0-RC1
2
url pkg:composer/composer/composer@2.6.4
purl pkg:composer/composer/composer@2.6.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cgx-psut-e3hh
1
vulnerability VCID-4pb1-p6st-4kg4
2
vulnerability VCID-8pap-8xmr-m3ha
3
vulnerability VCID-kpnb-b563-1yft
4
vulnerability VCID-vy1p-sn17-uybt
5
vulnerability VCID-ww6j-dye5-7uac
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/composer/composer@2.6.4
aliases CVE-2023-43655, GHSA-jm6m-4632-36hf
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fzya-vz4m-5yhu
4
url VCID-kpnb-b563-1yft
vulnerability_id VCID-kpnb-b563-1yft
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40261.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40261.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-40261
reference_id
reference_type
scores
0
value 0.0005
scoring_system epss
scoring_elements 0.15878
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-40261
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/composer/composer
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/composer/composer
4
reference_url https://github.com/composer/composer/releases/tag/2.9.6
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-16T13:41:03Z/
url https://github.com/composer/composer/releases/tag/2.9.6
5
reference_url https://github.com/composer/composer/security/advisories/GHSA-gqw4-4w2p-838q
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-16T13:41:03Z/
url https://github.com/composer/composer/security/advisories/GHSA-gqw4-4w2p-838q
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/composer/composer/CVE-2026-40261.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/composer/composer/CVE-2026-40261.yaml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-40261
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-40261
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2458841
reference_id 2458841
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2458841
9
reference_url https://github.com/advisories/GHSA-gqw4-4w2p-838q
reference_id GHSA-gqw4-4w2p-838q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gqw4-4w2p-838q
10
reference_url https://access.redhat.com/errata/RHSA-2026:8165
reference_id RHSA-2026:8165
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8165
fixed_packages
0
url pkg:composer/composer/composer@2.10.0-RC1
purl pkg:composer/composer/composer@2.10.0-RC1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/composer/composer@2.10.0-RC1
1
url pkg:composer/composer/composer@2.2.27
purl pkg:composer/composer/composer@2.2.27
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/composer/composer@2.2.27
2
url pkg:composer/composer/composer@2.3.0-RC1
purl pkg:composer/composer/composer@2.3.0-RC1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/composer/composer@2.3.0-RC1
3
url pkg:composer/composer/composer@2.9.6
purl pkg:composer/composer/composer@2.9.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/composer/composer@2.9.6
aliases CVE-2026-40261, GHSA-gqw4-4w2p-838q
risk_score 4.0
exploitability 0.5
weighted_severity 7.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kpnb-b563-1yft
5
url VCID-vy1p-sn17-uybt
vulnerability_id VCID-vy1p-sn17-uybt
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-35241
reference_id
reference_type
scores
0
value 0.00442
scoring_system epss
scoring_elements 0.63573
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-35241
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35241
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35241
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/composer/composer
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/composer/composer
4
reference_url https://github.com/composer/composer/commit/b93fc6ca437da35ae73d667d0618749c763b67d4
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-15T20:42:58Z/
url https://github.com/composer/composer/commit/b93fc6ca437da35ae73d667d0618749c763b67d4
5
reference_url https://github.com/composer/composer/commit/ee28354ca8d33c15949ad7de2ce6656ba3f68704
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-15T20:42:58Z/
url https://github.com/composer/composer/commit/ee28354ca8d33c15949ad7de2ce6656ba3f68704
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PO4MU2BC7VR6LMHEX4X7DKGHVFXZV2MC
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PO4MU2BC7VR6LMHEX4X7DKGHVFXZV2MC
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VLPJHM2WWSYU2F6KHW2BYFGYL4IGTKHC
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VLPJHM2WWSYU2F6KHW2BYFGYL4IGTKHC
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073125
reference_id 1073125
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073125
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-35241
reference_id CVE-2024-35241
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-35241
10
reference_url https://www.vicarius.io/vsociety/posts/cve-2024-35241-detect-composer-vulnerability
reference_id CVE-2024-35241-DETECT-COMPOSER-VULNERABILITY
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.vicarius.io/vsociety/posts/cve-2024-35241-detect-composer-vulnerability
11
reference_url https://www.vicarius.io/vsociety/posts/cve-2024-35241-mitigate-vulnerable-composer
reference_id CVE-2024-35241-MITIGATE-VULNERABLE-COMPOSER
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.vicarius.io/vsociety/posts/cve-2024-35241-mitigate-vulnerable-composer
12
reference_url https://github.com/advisories/GHSA-47f6-5gq3-vx9c
reference_id GHSA-47f6-5gq3-vx9c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-47f6-5gq3-vx9c
13
reference_url https://github.com/composer/composer/security/advisories/GHSA-47f6-5gq3-vx9c
reference_id GHSA-47f6-5gq3-vx9c
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-15T20:42:58Z/
url https://github.com/composer/composer/security/advisories/GHSA-47f6-5gq3-vx9c
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PO4MU2BC7VR6LMHEX4X7DKGHVFXZV2MC/
reference_id PO4MU2BC7VR6LMHEX4X7DKGHVFXZV2MC
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-15T20:42:58Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PO4MU2BC7VR6LMHEX4X7DKGHVFXZV2MC/
15
reference_url https://usn.ubuntu.com/7603-1/
reference_id USN-7603-1
reference_type
scores
url https://usn.ubuntu.com/7603-1/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VLPJHM2WWSYU2F6KHW2BYFGYL4IGTKHC/
reference_id VLPJHM2WWSYU2F6KHW2BYFGYL4IGTKHC
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-15T20:42:58Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VLPJHM2WWSYU2F6KHW2BYFGYL4IGTKHC/
fixed_packages
0
url pkg:composer/composer/composer@2.2.24
purl pkg:composer/composer/composer@2.2.24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cgx-psut-e3hh
1
vulnerability VCID-8pap-8xmr-m3ha
2
vulnerability VCID-kpnb-b563-1yft
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/composer/composer@2.2.24
1
url pkg:composer/composer/composer@2.3.0-RC1
purl pkg:composer/composer/composer@2.3.0-RC1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/composer/composer@2.3.0-RC1
2
url pkg:composer/composer/composer@2.7.7
purl pkg:composer/composer/composer@2.7.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cgx-psut-e3hh
1
vulnerability VCID-8pap-8xmr-m3ha
2
vulnerability VCID-kpnb-b563-1yft
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/composer/composer@2.7.7
aliases CVE-2024-35241, GHSA-47f6-5gq3-vx9c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vy1p-sn17-uybt
6
url VCID-ww6j-dye5-7uac
vulnerability_id VCID-ww6j-dye5-7uac
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-35242
reference_id
reference_type
scores
0
value 0.23787
scoring_system epss
scoring_elements 0.96104
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-35242
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/composer/composer
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/composer/composer
3
reference_url https://github.com/composer/composer/commit/6bd43dff859c597c09bd03a7e7d6443822d0a396
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-15T20:44:05Z/
url https://github.com/composer/composer/commit/6bd43dff859c597c09bd03a7e7d6443822d0a396
4
reference_url https://github.com/composer/composer/commit/fc57b93603d7d90b71ca8ec77b1c8a9171fdb467
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-15T20:44:05Z/
url https://github.com/composer/composer/commit/fc57b93603d7d90b71ca8ec77b1c8a9171fdb467
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PO4MU2BC7VR6LMHEX4X7DKGHVFXZV2MC
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PO4MU2BC7VR6LMHEX4X7DKGHVFXZV2MC
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VLPJHM2WWSYU2F6KHW2BYFGYL4IGTKHC
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VLPJHM2WWSYU2F6KHW2BYFGYL4IGTKHC
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073126
reference_id 1073126
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073126
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-35242
reference_id CVE-2024-35242
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-35242
9
reference_url https://github.com/advisories/GHSA-v9qv-c7wm-wgmf
reference_id GHSA-v9qv-c7wm-wgmf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v9qv-c7wm-wgmf
10
reference_url https://github.com/composer/composer/security/advisories/GHSA-v9qv-c7wm-wgmf
reference_id GHSA-v9qv-c7wm-wgmf
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-15T20:44:05Z/
url https://github.com/composer/composer/security/advisories/GHSA-v9qv-c7wm-wgmf
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PO4MU2BC7VR6LMHEX4X7DKGHVFXZV2MC/
reference_id PO4MU2BC7VR6LMHEX4X7DKGHVFXZV2MC
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-15T20:44:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PO4MU2BC7VR6LMHEX4X7DKGHVFXZV2MC/
12
reference_url https://usn.ubuntu.com/7603-1/
reference_id USN-7603-1
reference_type
scores
url https://usn.ubuntu.com/7603-1/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VLPJHM2WWSYU2F6KHW2BYFGYL4IGTKHC/
reference_id VLPJHM2WWSYU2F6KHW2BYFGYL4IGTKHC
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-15T20:44:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VLPJHM2WWSYU2F6KHW2BYFGYL4IGTKHC/
fixed_packages
0
url pkg:composer/composer/composer@2.2.24
purl pkg:composer/composer/composer@2.2.24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cgx-psut-e3hh
1
vulnerability VCID-8pap-8xmr-m3ha
2
vulnerability VCID-kpnb-b563-1yft
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/composer/composer@2.2.24
1
url pkg:composer/composer/composer@2.3.0-RC1
purl pkg:composer/composer/composer@2.3.0-RC1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/composer/composer@2.3.0-RC1
2
url pkg:composer/composer/composer@2.7.7
purl pkg:composer/composer/composer@2.7.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cgx-psut-e3hh
1
vulnerability VCID-8pap-8xmr-m3ha
2
vulnerability VCID-kpnb-b563-1yft
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/composer/composer@2.7.7
aliases CVE-2024-35242, GHSA-v9qv-c7wm-wgmf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ww6j-dye5-7uac
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/composer/composer@2.2.14