Severity by source
AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
Primary rating from Vendor (drupal) · only source for this CVE.
CVSS VectorVendor: drupal
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
1DescriptionCVE.org
vulnerability in Drupal Composer allows . This issue affects Composer versions: *.*.
Analysis
vulnerability in Drupal Composer allows . This issue affects Composer versions: *.*.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Threat intelligence, references, and detailed analysis are available after sign-in.
Composer is a dependency manager for PHP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, lo
The tagDiv Composer WordPress plugin before 4.0 does not sanitise and escape a parameter before outputting it back in th
Composer is an open source dependency manager for the PHP language. Rated critical severity (CVSS 9.8), this vulnerabili
Composer is a dependency manager for PHP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, lo
Composer is a dependency manager for the PHP programming language. Rated high severity (CVSS 8.8), this vulnerability is
Arbitrary code execution in MosaicML Composer arises when the library loads a model or resumption checkpoint, because ch
Arbitrary file write in Composer (the PHP dependency manager) before 2.2.29 and 2.10.2 allows a malicious package served
The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all ver
Path traversal in Composer's binary installation flow allows a malicious PHP package to cause arbitrary host files to be
Credential leakage in Composer PHP dependency manager exposes sensitive tokens - such as GitHub Personal Access Tokens e
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43092
GHSA-qfp7-j94c-gx97