Look up vulnerable packages by Package URL.

Purl pkg:deb/debian/composer@2.0.9-2%2Bdeb11u4?distro=trixie
Type deb
Namespace debian
Name composer
Version 2.0.9-2+deb11u4
Qualifiers
distro trixie
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.2.12-1
Latest_non_vulnerable_version 2.10.1-2
Affected_by_vulnerabilities
0
url VCID-a5f8-n9d2-eqff
vulnerability_id VCID-a5f8-n9d2-eqff
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40176.json
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40176.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-40176
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05593
published_at 2026-06-11T12:55:00Z
1
value 0.00019
scoring_system epss
scoring_elements 0.0562
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-40176
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40176
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40176
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/composer/composer/CVE-2026-40176.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/composer/composer/CVE-2026-40176.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-40176
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-40176
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2458828
reference_id 2458828
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2458828
7
reference_url https://github.com/composer/composer/releases/tag/2.9.6
reference_id 2.9.6
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-16T14:16:01Z/
url https://github.com/composer/composer/releases/tag/2.9.6
8
reference_url https://github.com/advisories/GHSA-wg36-wvj6-r67p
reference_id GHSA-wg36-wvj6-r67p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wg36-wvj6-r67p
9
reference_url https://github.com/composer/composer/security/advisories/GHSA-wg36-wvj6-r67p
reference_id GHSA-wg36-wvj6-r67p
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-16T14:16:01Z/
url https://github.com/composer/composer/security/advisories/GHSA-wg36-wvj6-r67p
10
reference_url https://access.redhat.com/errata/RHSA-2026:8165
reference_id RHSA-2026:8165
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8165
fixed_packages
0
url pkg:deb/debian/composer@2.5.5-1%2Bdeb12u4?distro=trixie
purl pkg:deb/debian/composer@2.5.5-1%2Bdeb12u4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.5.5-1%252Bdeb12u4%3Fdistro=trixie
1
url pkg:deb/debian/composer@2.8.8-1%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/composer@2.8.8-1%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.8.8-1%252Bdeb13u2%3Fdistro=trixie
2
url pkg:deb/debian/composer@2.9.7-1?distro=trixie
purl pkg:deb/debian/composer@2.9.7-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.9.7-1%3Fdistro=trixie
3
url pkg:deb/debian/composer@2.10.1-1?distro=trixie
purl pkg:deb/debian/composer@2.10.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.10.1-1%3Fdistro=trixie
4
url pkg:deb/debian/composer@2.10.1-2?distro=trixie
purl pkg:deb/debian/composer@2.10.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.10.1-2%3Fdistro=trixie
aliases CVE-2026-40176, GHSA-wg36-wvj6-r67p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a5f8-n9d2-eqff
1
url VCID-byja-84wd-bbep
vulnerability_id VCID-byja-84wd-bbep
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40261.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40261.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-40261
reference_id
reference_type
scores
0
value 0.00042
scoring_system epss
scoring_elements 0.13004
published_at 2026-06-11T12:55:00Z
1
value 0.00042
scoring_system epss
scoring_elements 0.131
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-40261
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40261
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40261
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/composer/composer/CVE-2026-40261.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/composer/composer/CVE-2026-40261.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-40261
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-40261
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2458841
reference_id 2458841
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2458841
7
reference_url https://github.com/composer/composer/releases/tag/2.9.6
reference_id 2.9.6
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-16T13:41:03Z/
url https://github.com/composer/composer/releases/tag/2.9.6
8
reference_url https://github.com/advisories/GHSA-gqw4-4w2p-838q
reference_id GHSA-gqw4-4w2p-838q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gqw4-4w2p-838q
9
reference_url https://github.com/composer/composer/security/advisories/GHSA-gqw4-4w2p-838q
reference_id GHSA-gqw4-4w2p-838q
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-16T13:41:03Z/
url https://github.com/composer/composer/security/advisories/GHSA-gqw4-4w2p-838q
10
reference_url https://access.redhat.com/errata/RHSA-2026:8165
reference_id RHSA-2026:8165
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8165
fixed_packages
0
url pkg:deb/debian/composer@2.5.5-1%2Bdeb12u4?distro=trixie
purl pkg:deb/debian/composer@2.5.5-1%2Bdeb12u4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.5.5-1%252Bdeb12u4%3Fdistro=trixie
1
url pkg:deb/debian/composer@2.8.8-1%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/composer@2.8.8-1%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.8.8-1%252Bdeb13u2%3Fdistro=trixie
2
url pkg:deb/debian/composer@2.9.7-1?distro=trixie
purl pkg:deb/debian/composer@2.9.7-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.9.7-1%3Fdistro=trixie
3
url pkg:deb/debian/composer@2.10.1-1?distro=trixie
purl pkg:deb/debian/composer@2.10.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.10.1-1%3Fdistro=trixie
4
url pkg:deb/debian/composer@2.10.1-2?distro=trixie
purl pkg:deb/debian/composer@2.10.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.10.1-2%3Fdistro=trixie
aliases CVE-2026-40261, GHSA-gqw4-4w2p-838q
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-byja-84wd-bbep
2
url VCID-cp3v-jxnh-tug6
vulnerability_id VCID-cp3v-jxnh-tug6
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67746.json
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67746.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-67746
reference_id
reference_type
scores
0
value 0.00025
scoring_system epss
scoring_elements 0.07317
published_at 2026-06-11T12:55:00Z
1
value 0.00025
scoring_system epss
scoring_elements 0.0736
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-67746
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67746
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67746
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/composer/composer/commit/1d40a95c9d39a6b7f80d404ab30336c586da9917
reference_id 1d40a95c9d39a6b7f80d404ab30336c586da9917
reference_type
scores
0
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-30T17:17:14Z/
url https://github.com/composer/composer/commit/1d40a95c9d39a6b7f80d404ab30336c586da9917
5
reference_url https://github.com/composer/composer/releases/tag/2.2.26
reference_id 2.2.26
reference_type
scores
0
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-30T17:17:14Z/
url https://github.com/composer/composer/releases/tag/2.2.26
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2426283
reference_id 2426283
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2426283
7
reference_url https://github.com/composer/composer/releases/tag/2.9.3
reference_id 2.9.3
reference_type
scores
0
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-30T17:17:14Z/
url https://github.com/composer/composer/releases/tag/2.9.3
8
reference_url https://github.com/composer/composer/commit/5db1876a76fdef76d3c4f8a27995c434c7a43e71
reference_id 5db1876a76fdef76d3c4f8a27995c434c7a43e71
reference_type
scores
0
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-30T17:17:14Z/
url https://github.com/composer/composer/commit/5db1876a76fdef76d3c4f8a27995c434c7a43e71
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-67746
reference_id CVE-2025-67746
reference_type
scores
0
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-67746
10
reference_url https://github.com/advisories/GHSA-59pp-r3rg-353g
reference_id GHSA-59pp-r3rg-353g
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-59pp-r3rg-353g
11
reference_url https://github.com/composer/composer/security/advisories/GHSA-59pp-r3rg-353g
reference_id GHSA-59pp-r3rg-353g
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U
2
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-30T17:17:14Z/
url https://github.com/composer/composer/security/advisories/GHSA-59pp-r3rg-353g
12
reference_url https://access.redhat.com/errata/RHSA-2026:8165
reference_id RHSA-2026:8165
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8165
fixed_packages
0
url pkg:deb/debian/composer@2.5.5-1%2Bdeb12u3?distro=trixie
purl pkg:deb/debian/composer@2.5.5-1%2Bdeb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.5.5-1%252Bdeb12u3%3Fdistro=trixie
1
url pkg:deb/debian/composer@2.5.5-1%2Bdeb12u4?distro=trixie
purl pkg:deb/debian/composer@2.5.5-1%2Bdeb12u4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.5.5-1%252Bdeb12u4%3Fdistro=trixie
2
url pkg:deb/debian/composer@2.8.8-1%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/composer@2.8.8-1%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.8.8-1%252Bdeb13u1%3Fdistro=trixie
3
url pkg:deb/debian/composer@2.8.8-1%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/composer@2.8.8-1%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.8.8-1%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/composer@2.9.3-1?distro=trixie
purl pkg:deb/debian/composer@2.9.3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.9.3-1%3Fdistro=trixie
5
url pkg:deb/debian/composer@2.10.1-1?distro=trixie
purl pkg:deb/debian/composer@2.10.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.10.1-1%3Fdistro=trixie
6
url pkg:deb/debian/composer@2.10.1-2?distro=trixie
purl pkg:deb/debian/composer@2.10.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.10.1-2%3Fdistro=trixie
aliases CVE-2025-67746, GHSA-59pp-r3rg-353g
risk_score 1.6
exploitability 0.5
weighted_severity 3.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cp3v-jxnh-tug6
3
url VCID-h6a3-5vxq-pfav
vulnerability_id VCID-h6a3-5vxq-pfav
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-43655
reference_id
reference_type
scores
0
value 0.01533
scoring_system epss
scoring_elements 0.81791
published_at 2026-06-12T12:55:00Z
1
value 0.01533
scoring_system epss
scoring_elements 0.8173
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-43655
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43655
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43655
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66H2WKFUO255T3BZTL72TNYJYH2XM5FG
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66H2WKFUO255T3BZTL72TNYJYH2XM5FG
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7AWYAUZNH565NWPIKGEIYBWHYNM5JGAE
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7AWYAUZNH565NWPIKGEIYBWHYNM5JGAE
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFOPGPW2KS37O3KJWBRGTUWHTXCQXBS2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFOPGPW2KS37O3KJWBRGTUWHTXCQXBS2
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-43655
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-43655
7
reference_url https://github.com/composer/composer/commit/4fce14795aba98e40b6c4f5047305aba17a6120d
reference_id 4fce14795aba98e40b6c4f5047305aba17a6120d
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-23T16:22:54Z/
url https://github.com/composer/composer/commit/4fce14795aba98e40b6c4f5047305aba17a6120d
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66H2WKFUO255T3BZTL72TNYJYH2XM5FG/
reference_id 66H2WKFUO255T3BZTL72TNYJYH2XM5FG
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-23T16:22:54Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66H2WKFUO255T3BZTL72TNYJYH2XM5FG/
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7AWYAUZNH565NWPIKGEIYBWHYNM5JGAE/
reference_id 7AWYAUZNH565NWPIKGEIYBWHYNM5JGAE
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-23T16:22:54Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7AWYAUZNH565NWPIKGEIYBWHYNM5JGAE/
10
reference_url https://github.com/composer/composer/commit/955a48e6319c8962e5cd421b07c00ab3c728968c
reference_id 955a48e6319c8962e5cd421b07c00ab3c728968c
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-23T16:22:54Z/
url https://github.com/composer/composer/commit/955a48e6319c8962e5cd421b07c00ab3c728968c
11
reference_url https://github.com/composer/composer/commit/95e091c921037b7b6564942845e7b738f6b95c9c
reference_id 95e091c921037b7b6564942845e7b738f6b95c9c
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-23T16:22:54Z/
url https://github.com/composer/composer/commit/95e091c921037b7b6564942845e7b738f6b95c9c
12
reference_url https://github.com/advisories/GHSA-jm6m-4632-36hf
reference_id GHSA-jm6m-4632-36hf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jm6m-4632-36hf
13
reference_url https://github.com/composer/composer/security/advisories/GHSA-jm6m-4632-36hf
reference_id GHSA-jm6m-4632-36hf
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-23T16:22:54Z/
url https://github.com/composer/composer/security/advisories/GHSA-jm6m-4632-36hf
14
reference_url https://security.gentoo.org/glsa/202508-06
reference_id GLSA-202508-06
reference_type
scores
url https://security.gentoo.org/glsa/202508-06
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFOPGPW2KS37O3KJWBRGTUWHTXCQXBS2/
reference_id KFOPGPW2KS37O3KJWBRGTUWHTXCQXBS2
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-23T16:22:54Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFOPGPW2KS37O3KJWBRGTUWHTXCQXBS2/
16
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00030.html
reference_id msg00030.html
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-23T16:22:54Z/
url https://lists.debian.org/debian-lts-announce/2024/03/msg00030.html
17
reference_url https://usn.ubuntu.com/7603-1/
reference_id USN-7603-1
reference_type
scores
url https://usn.ubuntu.com/7603-1/
fixed_packages
0
url pkg:deb/debian/composer@2.5.5-1%2Bdeb12u4?distro=trixie
purl pkg:deb/debian/composer@2.5.5-1%2Bdeb12u4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.5.5-1%252Bdeb12u4%3Fdistro=trixie
1
url pkg:deb/debian/composer@2.6.4-1?distro=trixie
purl pkg:deb/debian/composer@2.6.4-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.6.4-1%3Fdistro=trixie
2
url pkg:deb/debian/composer@2.8.8-1%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/composer@2.8.8-1%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.8.8-1%252Bdeb13u2%3Fdistro=trixie
3
url pkg:deb/debian/composer@2.10.1-1?distro=trixie
purl pkg:deb/debian/composer@2.10.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.10.1-1%3Fdistro=trixie
4
url pkg:deb/debian/composer@2.10.1-2?distro=trixie
purl pkg:deb/debian/composer@2.10.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.10.1-2%3Fdistro=trixie
aliases CVE-2023-43655, GHSA-jm6m-4632-36hf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h6a3-5vxq-pfav
Fixing_vulnerabilities
0
url VCID-4a1g-pkej-vkgh
vulnerability_id VCID-4a1g-pkej-vkgh
summary arbitrary command execution
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41116
reference_id
reference_type
scores
0
value 0.00969
scoring_system epss
scoring_elements 0.77102
published_at 2026-06-12T12:55:00Z
1
value 0.00969
scoring_system epss
scoring_elements 0.77031
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41116
1
reference_url https://github.com/composer/composer/commit/ca5e2f8d505fd3bfac6f7c85b82f2740becbc0aa
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/composer/composer/commit/ca5e2f8d505fd3bfac6f7c85b82f2740becbc0aa
2
reference_url https://github.com/composer/composer/security/advisories/GHSA-frqg-7g38-6gcf
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/composer/composer/security/advisories/GHSA-frqg-7g38-6gcf
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/composer/composer/CVE-2021-41116.yaml
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/composer/composer/CVE-2021-41116.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41116
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41116
5
reference_url https://www.sonarsource.com/blog/securing-developer-tools-package-managers
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.sonarsource.com/blog/securing-developer-tools-package-managers
6
reference_url https://security.archlinux.org/AVG-2446
reference_id AVG-2446
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2446
7
reference_url https://github.com/advisories/GHSA-frqg-7g38-6gcf
reference_id GHSA-frqg-7g38-6gcf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-frqg-7g38-6gcf
fixed_packages
0
url pkg:deb/debian/composer@0?distro=trixie
purl pkg:deb/debian/composer@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@0%3Fdistro=trixie
1
url pkg:deb/debian/composer@2.0.9-2%2Bdeb11u4?distro=trixie
purl pkg:deb/debian/composer@2.0.9-2%2Bdeb11u4?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a5f8-n9d2-eqff
1
vulnerability VCID-byja-84wd-bbep
2
vulnerability VCID-cp3v-jxnh-tug6
3
vulnerability VCID-h6a3-5vxq-pfav
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.0.9-2%252Bdeb11u4%3Fdistro=trixie
2
url pkg:deb/debian/composer@2.5.5-1%2Bdeb12u4?distro=trixie
purl pkg:deb/debian/composer@2.5.5-1%2Bdeb12u4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.5.5-1%252Bdeb12u4%3Fdistro=trixie
3
url pkg:deb/debian/composer@2.8.8-1%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/composer@2.8.8-1%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.8.8-1%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/composer@2.10.1-1?distro=trixie
purl pkg:deb/debian/composer@2.10.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.10.1-1%3Fdistro=trixie
5
url pkg:deb/debian/composer@2.10.1-2?distro=trixie
purl pkg:deb/debian/composer@2.10.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.10.1-2%3Fdistro=trixie
aliases CVE-2021-41116, GHSA-frqg-7g38-6gcf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4a1g-pkej-vkgh
1
url VCID-58ua-fyne-u7fj
vulnerability_id VCID-58ua-fyne-u7fj
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-35241
reference_id
reference_type
scores
0
value 0.0043
scoring_system epss
scoring_elements 0.62983
published_at 2026-06-11T12:55:00Z
1
value 0.0043
scoring_system epss
scoring_elements 0.63085
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-35241
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35241
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35241
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35242
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35242
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PO4MU2BC7VR6LMHEX4X7DKGHVFXZV2MC
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PO4MU2BC7VR6LMHEX4X7DKGHVFXZV2MC
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VLPJHM2WWSYU2F6KHW2BYFGYL4IGTKHC
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VLPJHM2WWSYU2F6KHW2BYFGYL4IGTKHC
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073125
reference_id 1073125
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073125
7
reference_url https://github.com/composer/composer/commit/b93fc6ca437da35ae73d667d0618749c763b67d4
reference_id b93fc6ca437da35ae73d667d0618749c763b67d4
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-15T20:42:58Z/
url https://github.com/composer/composer/commit/b93fc6ca437da35ae73d667d0618749c763b67d4
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-35241
reference_id CVE-2024-35241
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-35241
9
reference_url https://www.vicarius.io/vsociety/posts/cve-2024-35241-detect-composer-vulnerability
reference_id CVE-2024-35241-DETECT-COMPOSER-VULNERABILITY
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.vicarius.io/vsociety/posts/cve-2024-35241-detect-composer-vulnerability
10
reference_url https://www.vicarius.io/vsociety/posts/cve-2024-35241-mitigate-vulnerable-composer
reference_id CVE-2024-35241-MITIGATE-VULNERABLE-COMPOSER
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.vicarius.io/vsociety/posts/cve-2024-35241-mitigate-vulnerable-composer
11
reference_url https://github.com/composer/composer/commit/ee28354ca8d33c15949ad7de2ce6656ba3f68704
reference_id ee28354ca8d33c15949ad7de2ce6656ba3f68704
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-15T20:42:58Z/
url https://github.com/composer/composer/commit/ee28354ca8d33c15949ad7de2ce6656ba3f68704
12
reference_url https://github.com/advisories/GHSA-47f6-5gq3-vx9c
reference_id GHSA-47f6-5gq3-vx9c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-47f6-5gq3-vx9c
13
reference_url https://github.com/composer/composer/security/advisories/GHSA-47f6-5gq3-vx9c
reference_id GHSA-47f6-5gq3-vx9c
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-15T20:42:58Z/
url https://github.com/composer/composer/security/advisories/GHSA-47f6-5gq3-vx9c
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PO4MU2BC7VR6LMHEX4X7DKGHVFXZV2MC/
reference_id PO4MU2BC7VR6LMHEX4X7DKGHVFXZV2MC
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-15T20:42:58Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PO4MU2BC7VR6LMHEX4X7DKGHVFXZV2MC/
15
reference_url https://usn.ubuntu.com/7603-1/
reference_id USN-7603-1
reference_type
scores
url https://usn.ubuntu.com/7603-1/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VLPJHM2WWSYU2F6KHW2BYFGYL4IGTKHC/
reference_id VLPJHM2WWSYU2F6KHW2BYFGYL4IGTKHC
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-15T20:42:58Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VLPJHM2WWSYU2F6KHW2BYFGYL4IGTKHC/
fixed_packages
0
url pkg:deb/debian/composer@2.0.9-2%2Bdeb11u3?distro=trixie
purl pkg:deb/debian/composer@2.0.9-2%2Bdeb11u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.0.9-2%252Bdeb11u3%3Fdistro=trixie
1
url pkg:deb/debian/composer@2.0.9-2%2Bdeb11u4?distro=trixie
purl pkg:deb/debian/composer@2.0.9-2%2Bdeb11u4?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a5f8-n9d2-eqff
1
vulnerability VCID-byja-84wd-bbep
2
vulnerability VCID-cp3v-jxnh-tug6
3
vulnerability VCID-h6a3-5vxq-pfav
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.0.9-2%252Bdeb11u4%3Fdistro=trixie
2
url pkg:deb/debian/composer@2.5.5-1%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/composer@2.5.5-1%2Bdeb12u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.5.5-1%252Bdeb12u2%3Fdistro=trixie
3
url pkg:deb/debian/composer@2.5.5-1%2Bdeb12u4?distro=trixie
purl pkg:deb/debian/composer@2.5.5-1%2Bdeb12u4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.5.5-1%252Bdeb12u4%3Fdistro=trixie
4
url pkg:deb/debian/composer@2.7.7-1?distro=trixie
purl pkg:deb/debian/composer@2.7.7-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.7.7-1%3Fdistro=trixie
5
url pkg:deb/debian/composer@2.8.8-1%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/composer@2.8.8-1%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.8.8-1%252Bdeb13u2%3Fdistro=trixie
6
url pkg:deb/debian/composer@2.10.1-1?distro=trixie
purl pkg:deb/debian/composer@2.10.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.10.1-1%3Fdistro=trixie
7
url pkg:deb/debian/composer@2.10.1-2?distro=trixie
purl pkg:deb/debian/composer@2.10.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.10.1-2%3Fdistro=trixie
aliases CVE-2024-35241, GHSA-47f6-5gq3-vx9c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-58ua-fyne-u7fj
2
url VCID-846w-vyk9-qfcp
vulnerability_id VCID-846w-vyk9-qfcp
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45793
reference_id
reference_type
scores
0
value 0.0006
scoring_system epss
scoring_elements 0.19192
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45793
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45793
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45793
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/composer/composer/CVE-2026-45793.yaml
reference_id CVE-2026-45793.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/composer/composer/CVE-2026-45793.yaml
3
reference_url https://github.com/advisories/GHSA-f9f8-rm49-7jv2
reference_id GHSA-f9f8-rm49-7jv2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f9f8-rm49-7jv2
4
reference_url https://github.com/composer/composer/security/advisories/GHSA-f9f8-rm49-7jv2
reference_id GHSA-f9f8-rm49-7jv2
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/composer/composer/security/advisories/GHSA-f9f8-rm49-7jv2
fixed_packages
0
url pkg:deb/debian/composer@0.9.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/composer@0.9.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@0.9.1%252Bdfsg-1%3Fdistro=trixie
1
url pkg:deb/debian/composer@2.0.9-2%2Bdeb11u4?distro=trixie
purl pkg:deb/debian/composer@2.0.9-2%2Bdeb11u4?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a5f8-n9d2-eqff
1
vulnerability VCID-byja-84wd-bbep
2
vulnerability VCID-cp3v-jxnh-tug6
3
vulnerability VCID-h6a3-5vxq-pfav
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.0.9-2%252Bdeb11u4%3Fdistro=trixie
2
url pkg:deb/debian/composer@2.5.5-1%2Bdeb12u4?distro=trixie
purl pkg:deb/debian/composer@2.5.5-1%2Bdeb12u4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.5.5-1%252Bdeb12u4%3Fdistro=trixie
3
url pkg:deb/debian/composer@2.8.8-1%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/composer@2.8.8-1%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.8.8-1%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/composer@2.10.1-1?distro=trixie
purl pkg:deb/debian/composer@2.10.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.10.1-1%3Fdistro=trixie
5
url pkg:deb/debian/composer@2.10.1-2?distro=trixie
purl pkg:deb/debian/composer@2.10.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.10.1-2%3Fdistro=trixie
aliases CVE-2026-45793, GHSA-f9f8-rm49-7jv2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-846w-vyk9-qfcp
3
url VCID-jfte-fyut-13cr
vulnerability_id VCID-jfte-fyut-13cr
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24828
reference_id
reference_type
scores
0
value 0.00162
scoring_system epss
scoring_elements 0.36968
published_at 2026-06-11T12:55:00Z
1
value 0.00162
scoring_system epss
scoring_elements 0.37146
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24828
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24828
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24828
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/composer/composer/commit/2c40c53637c5c7e43fff7c09d3d324d632734709
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/composer/composer/commit/2c40c53637c5c7e43fff7c09d3d324d632734709
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/625MT3IKWKFVIWLSYZFSXHVUA2LES7YQ
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/625MT3IKWKFVIWLSYZFSXHVUA2LES7YQ
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/625MT3IKWKFVIWLSYZFSXHVUA2LES7YQ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/625MT3IKWKFVIWLSYZFSXHVUA2LES7YQ/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GWT6LDSRY7SFMTDZWJ4MS2ZBXHL7VQEF
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GWT6LDSRY7SFMTDZWJ4MS2ZBXHL7VQEF
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GWT6LDSRY7SFMTDZWJ4MS2ZBXHL7VQEF/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GWT6LDSRY7SFMTDZWJ4MS2ZBXHL7VQEF/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QD7JQWL6C4GVROO25DTXWYWM6BPOPPCG
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QD7JQWL6C4GVROO25DTXWYWM6BPOPPCG
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QD7JQWL6C4GVROO25DTXWYWM6BPOPPCG/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QD7JQWL6C4GVROO25DTXWYWM6BPOPPCG/
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009960
reference_id 1009960
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009960
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24828
reference_id CVE-2022-24828
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24828
12
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/composer/composer/CVE-2022-24828.yaml
reference_id CVE-2022-24828.YAML
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/composer/composer/CVE-2022-24828.yaml
13
reference_url https://github.com/advisories/GHSA-x7cr-6qr6-2hh6
reference_id GHSA-x7cr-6qr6-2hh6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x7cr-6qr6-2hh6
14
reference_url https://github.com/composer/composer/security/advisories/GHSA-x7cr-6qr6-2hh6
reference_id GHSA-x7cr-6qr6-2hh6
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/composer/composer/security/advisories/GHSA-x7cr-6qr6-2hh6
15
reference_url https://security.gentoo.org/glsa/202508-06
reference_id GLSA-202508-06
reference_type
scores
url https://security.gentoo.org/glsa/202508-06
16
reference_url https://usn.ubuntu.com/7603-1/
reference_id USN-7603-1
reference_type
scores
url https://usn.ubuntu.com/7603-1/
fixed_packages
0
url pkg:deb/debian/composer@2.0.9-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/composer@2.0.9-2%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.0.9-2%252Bdeb11u1%3Fdistro=trixie
1
url pkg:deb/debian/composer@2.0.9-2%2Bdeb11u4?distro=trixie
purl pkg:deb/debian/composer@2.0.9-2%2Bdeb11u4?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a5f8-n9d2-eqff
1
vulnerability VCID-byja-84wd-bbep
2
vulnerability VCID-cp3v-jxnh-tug6
3
vulnerability VCID-h6a3-5vxq-pfav
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.0.9-2%252Bdeb11u4%3Fdistro=trixie
2
url pkg:deb/debian/composer@2.2.12-1?distro=trixie
purl pkg:deb/debian/composer@2.2.12-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.2.12-1%3Fdistro=trixie
3
url pkg:deb/debian/composer@2.5.5-1%2Bdeb12u4?distro=trixie
purl pkg:deb/debian/composer@2.5.5-1%2Bdeb12u4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.5.5-1%252Bdeb12u4%3Fdistro=trixie
4
url pkg:deb/debian/composer@2.8.8-1%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/composer@2.8.8-1%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.8.8-1%252Bdeb13u2%3Fdistro=trixie
5
url pkg:deb/debian/composer@2.10.1-1?distro=trixie
purl pkg:deb/debian/composer@2.10.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.10.1-1%3Fdistro=trixie
6
url pkg:deb/debian/composer@2.10.1-2?distro=trixie
purl pkg:deb/debian/composer@2.10.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.10.1-2%3Fdistro=trixie
aliases CVE-2022-24828, GHSA-x7cr-6qr6-2hh6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jfte-fyut-13cr
4
url VCID-msjj-w941-33aj
vulnerability_id VCID-msjj-w941-33aj
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-24821
reference_id
reference_type
scores
0
value 0.00128
scoring_system epss
scoring_elements 0.31815
published_at 2026-06-11T12:55:00Z
1
value 0.00128
scoring_system epss
scoring_elements 0.32001
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-24821
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24821
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24821
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/composer/composer/commit/77e3982918bc1d886843dc3d5e575e7e871b27b7
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/composer/composer/commit/77e3982918bc1d886843dc3d5e575e7e871b27b7
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063603
reference_id 1063603
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063603
5
reference_url https://github.com/composer/composer/commit/64e4eb356b159a30c766cd1ea83450a38dc23bf5
reference_id 64e4eb356b159a30c766cd1ea83450a38dc23bf5
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-11T18:11:46Z/
url https://github.com/composer/composer/commit/64e4eb356b159a30c766cd1ea83450a38dc23bf5
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-24821
reference_id CVE-2024-24821
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-24821
7
reference_url https://github.com/advisories/GHSA-7c6p-848j-wh5h
reference_id GHSA-7c6p-848j-wh5h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7c6p-848j-wh5h
8
reference_url https://github.com/composer/composer/security/advisories/GHSA-7c6p-848j-wh5h
reference_id GHSA-7c6p-848j-wh5h
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-11T18:11:46Z/
url https://github.com/composer/composer/security/advisories/GHSA-7c6p-848j-wh5h
9
reference_url https://usn.ubuntu.com/7603-1/
reference_id USN-7603-1
reference_type
scores
url https://usn.ubuntu.com/7603-1/
fixed_packages
0
url pkg:deb/debian/composer@2.0.9-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/composer@2.0.9-2%2Bdeb11u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.0.9-2%252Bdeb11u2%3Fdistro=trixie
1
url pkg:deb/debian/composer@2.0.9-2%2Bdeb11u4?distro=trixie
purl pkg:deb/debian/composer@2.0.9-2%2Bdeb11u4?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a5f8-n9d2-eqff
1
vulnerability VCID-byja-84wd-bbep
2
vulnerability VCID-cp3v-jxnh-tug6
3
vulnerability VCID-h6a3-5vxq-pfav
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.0.9-2%252Bdeb11u4%3Fdistro=trixie
2
url pkg:deb/debian/composer@2.5.5-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/composer@2.5.5-1%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.5.5-1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/composer@2.5.5-1%2Bdeb12u4?distro=trixie
purl pkg:deb/debian/composer@2.5.5-1%2Bdeb12u4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.5.5-1%252Bdeb12u4%3Fdistro=trixie
4
url pkg:deb/debian/composer@2.7.1-1?distro=trixie
purl pkg:deb/debian/composer@2.7.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.7.1-1%3Fdistro=trixie
5
url pkg:deb/debian/composer@2.8.8-1%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/composer@2.8.8-1%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.8.8-1%252Bdeb13u2%3Fdistro=trixie
6
url pkg:deb/debian/composer@2.10.1-1?distro=trixie
purl pkg:deb/debian/composer@2.10.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.10.1-1%3Fdistro=trixie
7
url pkg:deb/debian/composer@2.10.1-2?distro=trixie
purl pkg:deb/debian/composer@2.10.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.10.1-2%3Fdistro=trixie
aliases CVE-2024-24821, GHSA-7c6p-848j-wh5h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-msjj-w941-33aj
5
url VCID-nfz6-bse5-xyen
vulnerability_id VCID-nfz6-bse5-xyen
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-35242
reference_id
reference_type
scores
0
value 0.23787
scoring_system epss
scoring_elements 0.96141
published_at 2026-06-12T12:55:00Z
1
value 0.23787
scoring_system epss
scoring_elements 0.9613
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-35242
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35241
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35241
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35242
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35242
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PO4MU2BC7VR6LMHEX4X7DKGHVFXZV2MC
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PO4MU2BC7VR6LMHEX4X7DKGHVFXZV2MC
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VLPJHM2WWSYU2F6KHW2BYFGYL4IGTKHC
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VLPJHM2WWSYU2F6KHW2BYFGYL4IGTKHC
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073126
reference_id 1073126
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073126
7
reference_url https://github.com/composer/composer/commit/6bd43dff859c597c09bd03a7e7d6443822d0a396
reference_id 6bd43dff859c597c09bd03a7e7d6443822d0a396
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-15T20:44:05Z/
url https://github.com/composer/composer/commit/6bd43dff859c597c09bd03a7e7d6443822d0a396
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-35242
reference_id CVE-2024-35242
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-35242
9
reference_url https://github.com/composer/composer/commit/fc57b93603d7d90b71ca8ec77b1c8a9171fdb467
reference_id fc57b93603d7d90b71ca8ec77b1c8a9171fdb467
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-15T20:44:05Z/
url https://github.com/composer/composer/commit/fc57b93603d7d90b71ca8ec77b1c8a9171fdb467
10
reference_url https://github.com/advisories/GHSA-v9qv-c7wm-wgmf
reference_id GHSA-v9qv-c7wm-wgmf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v9qv-c7wm-wgmf
11
reference_url https://github.com/composer/composer/security/advisories/GHSA-v9qv-c7wm-wgmf
reference_id GHSA-v9qv-c7wm-wgmf
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-15T20:44:05Z/
url https://github.com/composer/composer/security/advisories/GHSA-v9qv-c7wm-wgmf
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PO4MU2BC7VR6LMHEX4X7DKGHVFXZV2MC/
reference_id PO4MU2BC7VR6LMHEX4X7DKGHVFXZV2MC
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-15T20:44:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PO4MU2BC7VR6LMHEX4X7DKGHVFXZV2MC/
13
reference_url https://usn.ubuntu.com/7603-1/
reference_id USN-7603-1
reference_type
scores
url https://usn.ubuntu.com/7603-1/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VLPJHM2WWSYU2F6KHW2BYFGYL4IGTKHC/
reference_id VLPJHM2WWSYU2F6KHW2BYFGYL4IGTKHC
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-15T20:44:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VLPJHM2WWSYU2F6KHW2BYFGYL4IGTKHC/
fixed_packages
0
url pkg:deb/debian/composer@2.0.9-2%2Bdeb11u3?distro=trixie
purl pkg:deb/debian/composer@2.0.9-2%2Bdeb11u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.0.9-2%252Bdeb11u3%3Fdistro=trixie
1
url pkg:deb/debian/composer@2.0.9-2%2Bdeb11u4?distro=trixie
purl pkg:deb/debian/composer@2.0.9-2%2Bdeb11u4?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a5f8-n9d2-eqff
1
vulnerability VCID-byja-84wd-bbep
2
vulnerability VCID-cp3v-jxnh-tug6
3
vulnerability VCID-h6a3-5vxq-pfav
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.0.9-2%252Bdeb11u4%3Fdistro=trixie
2
url pkg:deb/debian/composer@2.5.5-1%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/composer@2.5.5-1%2Bdeb12u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.5.5-1%252Bdeb12u2%3Fdistro=trixie
3
url pkg:deb/debian/composer@2.5.5-1%2Bdeb12u4?distro=trixie
purl pkg:deb/debian/composer@2.5.5-1%2Bdeb12u4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.5.5-1%252Bdeb12u4%3Fdistro=trixie
4
url pkg:deb/debian/composer@2.7.7-1?distro=trixie
purl pkg:deb/debian/composer@2.7.7-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.7.7-1%3Fdistro=trixie
5
url pkg:deb/debian/composer@2.8.8-1%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/composer@2.8.8-1%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.8.8-1%252Bdeb13u2%3Fdistro=trixie
6
url pkg:deb/debian/composer@2.10.1-1?distro=trixie
purl pkg:deb/debian/composer@2.10.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.10.1-1%3Fdistro=trixie
7
url pkg:deb/debian/composer@2.10.1-2?distro=trixie
purl pkg:deb/debian/composer@2.10.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.10.1-2%3Fdistro=trixie
aliases CVE-2024-35242, GHSA-v9qv-c7wm-wgmf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nfz6-bse5-xyen
6
url VCID-rje5-kqen-2keh
vulnerability_id VCID-rje5-kqen-2keh
summary Composer before 2016-02-10 allows cache poisoning from other projects built on the same host. This results in attacker-controlled code entering a server-side build process. The issue occurs because of the way that dist packages are cached. The cache key is derived from the package name, the dist type, and certain other data from the package repository (which may simply be a commit hash, and thus can be found by an attacker). Versions through 1.0.0-alpha11 are affected, and 1.0.0 is unaffected.
references
0
reference_url http://flyingmana.de/blog_en/2016/02/14/composer_cache_injection_vulnerability_cve_2015_8371.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://flyingmana.de/blog_en/2016/02/14/composer_cache_injection_vulnerability_cve_2015_8371.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-8371
reference_id
reference_type
scores
0
value 0.00736
scoring_system epss
scoring_elements 0.73347
published_at 2026-06-12T12:55:00Z
1
value 0.00736
scoring_system epss
scoring_elements 0.7327
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-8371
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8371
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8371
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/composer/composer/CVE-2015-8371.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/composer/composer/CVE-2015-8371.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-8371
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-8371
5
reference_url https://github.com/composer/composer
reference_id composer
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-25T13:30:09Z/
url https://github.com/composer/composer
6
reference_url https://flyingmana.de/blog_en/2016/02/14/composer_cache_injection_vulnerability_cve_2015_8371.html
reference_id composer_cache_injection_vulnerability_cve_2015_8371.html
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-25T13:30:09Z/
url https://flyingmana.de/blog_en/2016/02/14/composer_cache_injection_vulnerability_cve_2015_8371.html
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/e26be423c5bcfdb38478d2f92d1f928c15afb561/composer/composer/CVE-2015-8371.yaml
reference_id CVE-2015-8371.yaml
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-25T13:30:09Z/
url https://github.com/FriendsOfPHP/security-advisories/blob/e26be423c5bcfdb38478d2f92d1f928c15afb561/composer/composer/CVE-2015-8371.yaml
8
reference_url https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/composer/composer/CVE-2015-8371.yml
reference_id CVE-2015-8371.yml
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-25T13:30:09Z/
url https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/composer/composer/CVE-2015-8371.yml
9
reference_url https://github.com/advisories/GHSA-725m-w832-q973
reference_id GHSA-725m-w832-q973
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-725m-w832-q973
fixed_packages
0
url pkg:deb/debian/composer@1.0.0~alpha11-3?distro=trixie
purl pkg:deb/debian/composer@1.0.0~alpha11-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@1.0.0~alpha11-3%3Fdistro=trixie
1
url pkg:deb/debian/composer@2.0.9-2%2Bdeb11u4?distro=trixie
purl pkg:deb/debian/composer@2.0.9-2%2Bdeb11u4?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a5f8-n9d2-eqff
1
vulnerability VCID-byja-84wd-bbep
2
vulnerability VCID-cp3v-jxnh-tug6
3
vulnerability VCID-h6a3-5vxq-pfav
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.0.9-2%252Bdeb11u4%3Fdistro=trixie
2
url pkg:deb/debian/composer@2.5.5-1%2Bdeb12u4?distro=trixie
purl pkg:deb/debian/composer@2.5.5-1%2Bdeb12u4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.5.5-1%252Bdeb12u4%3Fdistro=trixie
3
url pkg:deb/debian/composer@2.8.8-1%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/composer@2.8.8-1%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.8.8-1%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/composer@2.10.1-1?distro=trixie
purl pkg:deb/debian/composer@2.10.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.10.1-1%3Fdistro=trixie
5
url pkg:deb/debian/composer@2.10.1-2?distro=trixie
purl pkg:deb/debian/composer@2.10.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.10.1-2%3Fdistro=trixie
aliases CVE-2015-8371, GHSA-725m-w832-q973
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rje5-kqen-2keh
7
url VCID-vvbj-3291-z7g7
vulnerability_id VCID-vvbj-3291-z7g7
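summary Arbitrary code execution in Composer (CVE-2021-29472, GHSA-h5h8-pc6h-jvvx); see the referenced upstream advisory for the affected code path and the fixed versions.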
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29472
reference_id
reference_type
scores
0
value 0.02585
scoring_system epss
scoring_elements 0.85954
published_at 2026-06-12T12:55:00Z
1
value 0.02585
scoring_system epss
scoring_elements 0.85905
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29472
1
reference_url https://blog.sonarsource.com/php-supply-chain-attack-on-composer
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.sonarsource.com/php-supply-chain-attack-on-composer
2
reference_url https://blog.sonarsource.com/php-supply-chain-attack-on-composer/
reference_id
reference_type
scores
url https://blog.sonarsource.com/php-supply-chain-attack-on-composer/
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29472
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29472
4
reference_url https://getcomposer.org
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://getcomposer.org
5
reference_url https://getcomposer.org/
reference_id
reference_type
scores
url https://getcomposer.org/
6
reference_url https://github.com/composer/composer/security/advisories/GHSA-h5h8-pc6h-jvvx
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/composer/composer/security/advisories/GHSA-h5h8-pc6h-jvvx
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/composer/composer/CVE-2021-29472.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/composer/composer/CVE-2021-29472.yaml
8
reference_url https://lists.debian.org/debian-lts-announce/2021/05/msg00009.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/05/msg00009.html
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FAQUAMGO4Q4BLNZ2OH4CXQD7UK4IO2GE
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FAQUAMGO4Q4BLNZ2OH4CXQD7UK4IO2GE
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FAQUAMGO4Q4BLNZ2OH4CXQD7UK4IO2GE/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FAQUAMGO4Q4BLNZ2OH4CXQD7UK4IO2GE/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KN3DMFH42BJW45VT6FYF2RXKC26D6VC2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KN3DMFH42BJW45VT6FYF2RXKC26D6VC2
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KN3DMFH42BJW45VT6FYF2RXKC26D6VC2/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KN3DMFH42BJW45VT6FYF2RXKC26D6VC2/
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29472
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29472
14
reference_url https://www.debian.org/security/2021/dsa-4907
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-4907
15
reference_url https://security.archlinux.org/AVG-1885
reference_id AVG-1885
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1885
16
reference_url https://github.com/advisories/GHSA-h5h8-pc6h-jvvx
reference_id GHSA-h5h8-pc6h-jvvx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h5h8-pc6h-jvvx
17
reference_url https://usn.ubuntu.com/USN-5220-1/
reference_id USN-USN-5220-1
reference_type
scores
url https://usn.ubuntu.com/USN-5220-1/
fixed_packages
0
url pkg:deb/debian/composer@2.0.9-2?distro=trixie
purl pkg:deb/debian/composer@2.0.9-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.0.9-2%3Fdistro=trixie
1
url pkg:deb/debian/composer@2.0.9-2%2Bdeb11u4?distro=trixie
purl pkg:deb/debian/composer@2.0.9-2%2Bdeb11u4?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a5f8-n9d2-eqff
1
vulnerability VCID-byja-84wd-bbep
2
vulnerability VCID-cp3v-jxnh-tug6
3
vulnerability VCID-h6a3-5vxq-pfav
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.0.9-2%252Bdeb11u4%3Fdistro=trixie
2
url pkg:deb/debian/composer@2.5.5-1%2Bdeb12u4?distro=trixie
purl pkg:deb/debian/composer@2.5.5-1%2Bdeb12u4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.5.5-1%252Bdeb12u4%3Fdistro=trixie
3
url pkg:deb/debian/composer@2.8.8-1%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/composer@2.8.8-1%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.8.8-1%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/composer@2.10.1-1?distro=trixie
purl pkg:deb/debian/composer@2.10.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.10.1-1%3Fdistro=trixie
5
url pkg:deb/debian/composer@2.10.1-2?distro=trixie
purl pkg:deb/debian/composer@2.10.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.10.1-2%3Fdistro=trixie
aliases CVE-2021-29472, GHSA-h5h8-pc6h-jvvx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vvbj-3291-z7g7
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/composer@2.0.9-2%252Bdeb11u4%3Fdistro=trixie