composer/composer vulnerabilities

Licenses: MIT

License

Known vulnerabilities in the composer/composer package. This does not include vulnerabilities belonging to this package’s dependencies.

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Vulnerability	Vulnerable Version
L Improper Encoding or Escaping of Output	>=2.0.0, <2.2.26>=2.3.0, <2.9.3
H Command Injection	>=2.0, <2.2.24>=2.3, <2.7.7
H Command Injection	>=2.0, <2.2.24>=2.3, <2.7.7
H Inclusion of Functionality from Untrusted Control Sphere	>=2.0.0, <2.2.23>=2.3.0, <2.7.0
M Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')	<1.10.27>=2.0.0, <2.2.22>=2.3.0, <2.6.4
H Improper Input Validation	<1.10.26>=2.0.0, <2.2.12>=2.3.0, <2.3.5
H Command Injection	>=2.0.0, <2.1.9<1.10.23
H Improper Neutralization	>=2.0, <2.0.13<1.10.22
H Cache Injection	<1.0.0