Known Vulnerabilities for Composer by Drupal
Listed below are 10 of the newest known vulnerabilities associated with "Composer" by "Drupal".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-59948 json | Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a maliciously crafted package from an untr... | Not Provided | 2026-07-08 | 2026-07-09 |
| CVE-2026-59947 json | Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, when Composer is run with -vvv debug verbo... | Not Provided | 2026-07-08 | 2026-07-09 |
| CVE-2026-59946 json | Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a Composer package bin entry containing ..... | Not Provided | 2026-07-08 | 2026-07-09 |
| CVE-2026-56382 json | Craft CMS (composer package craftcms/cms) versions >= 5.5.0 and <= 5.9.13 contain a remote code execution vulnerability in th... | Not Provided | 2026-06-21 | 2026-06-22 |
| CVE-2026-46767 json | Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Composer). Supported versions t... | Not Provided | 2026-06-17 | 2026-06-19 |
| CVE-2026-46765 json | Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Composer). Supported versions t... | Not Provided | 2026-06-17 | 2026-06-19 |
| CVE-2026-40261 json | Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulne... | Not Provided | 2026-04-15 | 2026-06-30 |
| CVE-2026-40176 json | Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulne... | Not Provided | 2026-04-15 | 2026-06-30 |
| CVE-2026-39712 json | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in tagDiv tagDiv Composer td-comp... | Not Provided | 2026-04-08 | 2026-04-29 |
| CVE-2026-34216 json | CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the admin settings update endpo... | Not Provided | 2026-05-19 | 2026-05-20 |