VYPR

rpm package

opensuse/php-composer2&distro=openSUSE Leap 15.6

pkg:rpm/opensuse/php-composer2&distro=openSUSE%20Leap%2015.6

Vulnerabilities (3)

  • CVE-2025-67746Dec 30, 2025
    affected < 2.6.4-150600.3.6.1fixed 2.6.4-150600.3.6.1

    Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of various Composer commands, causing mangl

  • CVE-2024-35242HigJun 10, 2024
    affected < 2.6.4-150600.3.3.1fixed 2.6.4-150600.3.3.1

    Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories.

  • CVE-2024-35241HigJun 10, 2024
    affected < 2.6.4-150600.3.3.1fixed 2.6.4-150600.3.3.1

    Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `status`, `reinstall` and `remove` commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Pat