VulnerableCode Package Details - pkg:composer/composer/composer@2.9.5

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:composer/composer/composer@2.9.5

purl	pkg:composer/composer/composer@2.9.5

Next non-vulnerable version	2.9.6
Latest non-vulnerable version	2.10.0-RC1
Risk	4.0

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-a5f8-n9d2-eqff Aliases: CVE-2026-40176 GHSA-wg36-wvj6-r67p		2.9.6 Affected by 0 other vulnerabilities. 2.10.0-RC1 Affected by 0 other vulnerabilities.
VCID-byja-84wd-bbep Aliases: CVE-2026-40261 GHSA-gqw4-4w2p-838q		2.9.6 Affected by 0 other vulnerabilities. 2.10.0-RC1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-a5f8-n9d2-eqff
Aliases:
CVE-2026-40176
GHSA-wg36-wvj6-r67p

2.9.6
Affected by 0 other vulnerabilities.

2.10.0-RC1
Affected by 0 other vulnerabilities.

VCID-byja-84wd-bbep
Aliases:
CVE-2026-40261
GHSA-gqw4-4w2p-838q

2.9.6
Affected by 0 other vulnerabilities.

2.10.0-RC1
Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T22:03:55.074739+00:00	GitLab Importer	Affected by	VCID-byja-84wd-bbep	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/composer/composer/CVE-2026-40261.yml	38.6.0
2026-06-12T22:02:36.784411+00:00	GitLab Importer	Affected by	VCID-a5f8-n9d2-eqff	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/composer/composer/CVE-2026-40176.yml	38.6.0