{"url":"http://public2.vulnerablecode.io/api/packages/73138?format=json","purl":"pkg:composer/composer/composer@2.2.26","type":"composer","namespace":"composer","name":"composer","version":"2.2.26","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.2.27","latest_non_vulnerable_version":"2.10.0-RC1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62753?format=json","vulnerability_id":"VCID-1sk6-xbn9-q7es","summary":"composer: command injection via malicious Perforce repository definition","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40176.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40176.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40176","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06826","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06822","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40176"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40176","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40176"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/composer/composer","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/composer/composer"},{"reference_url":"https://github.com/composer/composer/releases/tag/2.9.6","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-16T14:16:01Z/"}],"url":"https://github.com/composer/composer/releases/tag/2.9.6"},{"reference_url":"https://github.com/composer/composer/security/advisories/GHSA-wg36-wvj6-r67p","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-16T14:16:01Z/"}],"url":"https://github.com/composer/composer/security/advisories/GHSA-wg36-wvj6-r67p"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/composer/composer/CVE-2026-40176.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/composer/composer/CVE-2026-40176.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40176","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40176"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458828","reference_id":"2458828","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458828"},{"reference_url":"https://github.com/advisories/GHSA-wg36-wvj6-r67p","reference_id":"GHSA-wg36-wvj6-r67p","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wg36-wvj6-r67p"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8165","reference_id":"RHSA-2026:8165","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8165"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/111639?format=json","purl":"pkg:composer/composer/composer@2.2.27","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/composer/composer@2.2.27"},{"url":"http://public2.vulnerablecode.io/api/packages/679270?format=json","purl":"pkg:composer/composer/composer@2.3.0-RC1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/composer/composer@2.3.0-RC1"},{"url":"http://public2.vulnerablecode.io/api/packages/111638?format=json","purl":"pkg:composer/composer/composer@2.9.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/composer/composer@2.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/1022320?format=json","purl":"pkg:composer/composer/composer@2.10.0-RC1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/composer/composer@2.10.0-RC1"}],"aliases":["CVE-2026-40176","GHSA-wg36-wvj6-r67p"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1sk6-xbn9-q7es"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62752?format=json","vulnerability_id":"VCID-q7kj-g74r-s7ec","summary":"composer: command injection via malicious Perforce source reference/url","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40261.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40261.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40261","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15921","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15931","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40261"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40261","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40261"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/composer/composer","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/composer/composer"},{"reference_url":"https://github.com/composer/composer/releases/tag/2.9.6","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-16T13:41:03Z/"}],"url":"https://github.com/composer/composer/releases/tag/2.9.6"},{"reference_url":"https://github.com/composer/composer/security/advisories/GHSA-gqw4-4w2p-838q","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-16T13:41:03Z/"}],"url":"https://github.com/composer/composer/security/advisories/GHSA-gqw4-4w2p-838q"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/composer/composer/CVE-2026-40261.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/composer/composer/CVE-2026-40261.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40261","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40261"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458841","reference_id":"2458841","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458841"},{"reference_url":"https://github.com/advisories/GHSA-gqw4-4w2p-838q","reference_id":"GHSA-gqw4-4w2p-838q","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gqw4-4w2p-838q"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8165","reference_id":"RHSA-2026:8165","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8165"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/111639?format=json","purl":"pkg:composer/composer/composer@2.2.27","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/composer/composer@2.2.27"},{"url":"http://public2.vulnerablecode.io/api/packages/679270?format=json","purl":"pkg:composer/composer/composer@2.3.0-RC1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/composer/composer@2.3.0-RC1"},{"url":"http://public2.vulnerablecode.io/api/packages/111638?format=json","purl":"pkg:composer/composer/composer@2.9.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/composer/composer@2.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/1022320?format=json","purl":"pkg:composer/composer/composer@2.10.0-RC1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/composer/composer@2.10.0-RC1"}],"aliases":["CVE-2026-40261","GHSA-gqw4-4w2p-838q"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q7kj-g74r-s7ec"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49537?format=json","vulnerability_id":"VCID-52e4-4t6n-p3e9","summary":"Composer is vulnerable to ANSI sequence injection\nAttackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of various Composer commands, causing mangled output and potentially leading to confusion or DoS of the terminal application.\n\nThere is no proven exploit and this has thus a low severity but Composer still published a CVE as it has potential for abuse, and Composer wants to be on the safe side informing users that they should upgrade.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67746.json","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67746.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67746","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04984","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04998","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67746"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67746","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67746"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/composer/composer","reference_id":"","reference_type":"","scores":[{"value":"1.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/composer/composer"},{"reference_url":"https://github.com/composer/composer/commit/1d40a95c9d39a6b7f80d404ab30336c586da9917","reference_id":"","reference_type":"","scores":[{"value":"1.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-30T17:17:14Z/"}],"url":"https://github.com/composer/composer/commit/1d40a95c9d39a6b7f80d404ab30336c586da9917"},{"reference_url":"https://github.com/composer/composer/commit/5db1876a76fdef76d3c4f8a27995c434c7a43e71","reference_id":"","reference_type":"","scores":[{"value":"1.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-30T17:17:14Z/"}],"url":"https://github.com/composer/composer/commit/5db1876a76fdef76d3c4f8a27995c434c7a43e71"},{"reference_url":"https://github.com/composer/composer/releases/tag/2.2.26","reference_id":"","reference_type":"","scores":[{"value":"1.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-30T17:17:14Z/"}],"url":"https://github.com/composer/composer/releases/tag/2.2.26"},{"reference_url":"https://github.com/composer/composer/releases/tag/2.9.3","reference_id":"","reference_type":"","scores":[{"value":"1.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-30T17:17:14Z/"}],"url":"https://github.com/composer/composer/releases/tag/2.9.3"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2426283","reference_id":"2426283","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2426283"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67746","reference_id":"CVE-2025-67746","reference_type":"","scores":[{"value":"1.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67746"},{"reference_url":"https://github.com/advisories/GHSA-59pp-r3rg-353g","reference_id":"GHSA-59pp-r3rg-353g","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-59pp-r3rg-353g"},{"reference_url":"https://github.com/composer/composer/security/advisories/GHSA-59pp-r3rg-353g","reference_id":"GHSA-59pp-r3rg-353g","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"1.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-30T17:17:14Z/"}],"url":"https://github.com/composer/composer/security/advisories/GHSA-59pp-r3rg-353g"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8165","reference_id":"RHSA-2026:8165","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8165"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73138?format=json","purl":"pkg:composer/composer/composer@2.2.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sk6-xbn9-q7es"},{"vulnerability":"VCID-q7kj-g74r-s7ec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/composer/composer@2.2.26"},{"url":"http://public2.vulnerablecode.io/api/packages/679270?format=json","purl":"pkg:composer/composer/composer@2.3.0-RC1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/composer/composer@2.3.0-RC1"},{"url":"http://public2.vulnerablecode.io/api/packages/73139?format=json","purl":"pkg:composer/composer/composer@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sk6-xbn9-q7es"},{"vulnerability":"VCID-q7kj-g74r-s7ec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/composer/composer@2.9.3"}],"aliases":["CVE-2025-67746","GHSA-59pp-r3rg-353g"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-52e4-4t6n-p3e9"}],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/composer/composer@2.2.26"}