Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/composio@0.7.20

Type pypi

Namespace

Name composio

Version 0.7.20

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-kz2y-ywjb-jfed

vulnerability_id VCID-kz2y-ywjb-jfed

summary

ComposioHQ has a directory traversal vulnerability
Directory Traversal vulnerability in ComposioHQ v.0.7.20 allows a remote attacker to obtain sensitive information via the _download_file_or_dir function.

references

reference_url	https://github.com/ComposioHQ/composio
reference_id
reference_type
scores
url	https://github.com/ComposioHQ/composio

reference_url	https://github.com/ComposioHQ/composio/blob/master/python/composio/server/api.py#L278
reference_id
reference_type
scores
url	https://github.com/ComposioHQ/composio/blob/master/python/composio/server/api.py#L278

reference_url	https://github.com/TOAST-Research/pocs/blob/main/composio/composio_1.md
reference_id
reference_type
scores
url	https://github.com/TOAST-Research/pocs/blob/main/composio/composio_1.md

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2025-56427
reference_id	CVE-2025-56427
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2025-56427

reference_url	https://github.com/advisories/GHSA-3mwv-j45g-vp3w
reference_id	GHSA-3mwv-j45g-vp3w
reference_type
scores
url	https://github.com/advisories/GHSA-3mwv-j45g-vp3w

fixed_packages

aliases CVE-2025-56427, GHSA-3mwv-j45g-vp3w

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kz2y-ywjb-jfed

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/composio@0.7.20

Package Instance