`composer/composer`

Ecosystem:
packagist

Package URL:
pkg:composer/composer/composer

Total PRs:
217 Dependabot PRs

Latest PR:
21 days ago

Unique Repositories:
128 repositories

Unique Repos (30 days):
4 repositories

Security Advisories

Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial

GHSA-h5h8-pc6h-jvvx CVE-2021-29472 HIGH published about 5 years ago • updated 5 days ago

URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL va...

Composer code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php

GHSA-7c6p-848j-wh5h CVE-2024-24821 HIGH published over 2 years ago • updated 6 days ago

### Impact Several files within the local working directory are included during the invocation of Composer and in the context of the executing use...

View all 12 advisories

Recent PRs

RSS Feed

Bump composer/composer from 2.9.5 to 2.10.0 in /html

isobar-playground/base #554

2.9.5 → 2.10.0 Minor PR

Open 21 days ago 1 comment

Bump the composer group across 1 directory with 18 updates

HandyKnox/mautic-marketing #21

2.7.7 → 2.9.8 Minor PR

Closed 22 days ago 1 comment

Bump the composer group across 1 directory with 17 updates

dporkka/mautic #16

2.7.7 → 2.9.8 Minor PR

Closed 22 days ago 1 comment

Bump the composer group across 1 directory with 12 updates

HandyKnox/mautic-marketing #15

2.7.7 → 2.9.8 Minor PR

Closed 22 days ago 1 comment

Bump the composer group across 1 directory with 8 updates

dporkka/mautic #8

2.7.7 → 2.9.8 Minor PR

Closed about 1 month ago 1 comment

Bump composer/composer from 2.9.5 to 2.9.8 in /composer/helpers/v2 in the prod-dependencies group across 1 directory

JaclynCodes/dependabot-core #121

2.9.5 → 2.9.8 Patch PR

Closed about 2 months ago 1 comment

Bump composer/composer from 2.9.5 to 2.9.7

jazzsequence/satis-server #84

2.9.5 → 2.9.7 Patch PR

Open about 2 months ago 1 comment

Bump the composer group across 1 directory with 6 updates

acquia/drupal-recommended-project #915

2.8.12 → 2.9.7 Minor PR

Open 2 months ago 1 comment

Bump the composer group across 1 directory with 7 updates

dporkka/mautic #4

2.7.7 → 2.9.7 Minor PR

Closed 2 months ago 1 comment

Bump the composer group across 1 directory with 7 updates

HandyKnox/mautic-marketing #7

2.7.7 → 2.9.7 Minor PR

Closed 2 months ago 1 comment

Bump composer/composer from 2.9.5 to 2.9.7

WyriHaximus/php-async-test-utilities #370

2.9.5 → 2.9.7 Patch PR

Closed 2 months ago 2 comments

Bump composer/composer from 2.9.5 to 2.9.7

WyriHaximus/php-psr-3-context-logger #86

2.9.5 → 2.9.7 Patch PR

Closed 2 months ago 2 comments

chore(deps-dev): bump composer/composer from 2.9.5 to 2.9.7 in the composer group across 1 directory

NguyenThanhPhucne/open_crm #10

2.9.5 → 2.9.7 Patch PR

Open 2 months ago 1 comment

Bump composer/composer from 2.9.5 to 2.9.7

acquia/cli #1982

2.9.5 → 2.9.7 Patch PR

Open 2 months ago 3 comments

build(deps): bump composer/composer from 2.9.5 to 2.9.6 in /composer/helpers/v2

dependabot/dependabot-core #14719

2.9.5 → 2.9.6 Patch PR

Closed 2 months ago 1 comment

chore(deps-dev): bump composer/composer from 2.9.5 to 2.9.7

UN-OCHA/response-site #1088

2.9.5 → 2.9.7 Patch PR

Closed 2 months ago 3 comments

Bump the composer group across 1 directory with 2 updates

pixelated-au/streamline #12

2.9.3 → 2.9.6 Patch PR

Closed 2 months ago 1 comment

Bump the composer group across 1 directory with 2 updates

EncoreDigitalGroup/laravel-stripe #90

2.9.3 → 2.9.7 Patch PR

Closed 2 months ago 1 comment

Bump composer/composer from 2.6.5 to 2.9.6

wibesoft-company/packeton #16

2.6.5 → 2.9.6 Minor PR

Closed 2 months ago 1 comment

Bump the composer group across 1 directory with 6 updates

acquia/drupal-recommended-project #906

2.8.12 → 2.9.5 Minor PR

Closed 3 months ago 2 comments

composer(deps): bump the production-dependencies group with 54 updates

pivvenit/wordpress-readonly #33

2.2.21 → 2.7.7 Minor PR

Closed 4 months ago 3 comments

Bump composer/composer from 2.9.2 to 2.9.5

jazzsequence/satis-server #71

2.9.2 → 2.9.5 Patch PR

Open 5 months ago 1 comment

Bump composer/composer from 2.8.6 to 2.9.5

acquia/orca #685

2.8.6 → 2.9.5 Minor PR

Closed 5 months ago 2 comments

Bump composer/composer from 2.8.9 to 2.9.4 in /composer/helpers/v2 in the prod-dependencies group across 1 directory

JaclynCodes/dependabot-core #10

2.8.9 → 2.9.4 Minor PR

Open 5 months ago 2 comments

Bump the composer group across 1 directory with 2 updates

trizist/dependabot-core #11

2.8.10 → 2.9.3 Minor PR

Open 5 months ago 1 comment

Bump the composer group across 1 directory with 2 updates

acquia/drupal-recommended-project #891

2.8.12 → 2.9.4 Minor PR

Open 5 months ago 1 comment

Bump the composer group across 1 directory with 2 updates

sizzlebop/passbolt_api #2

2.8.6 → 2.9.3 Minor PR

Open 5 months ago 1 comment

Bump composer/composer from 2.8.10 to 2.9.4 in /composer/helpers/v2 in the prod-dependencies group across 1 directory

Alexsio274ltd/dependabot-core #49

2.8.10 → 2.9.4 Minor PR

Open 5 months ago 1 comment

Bump composer/composer from 2.9.2 to 2.9.3

jazzsequence/satis-server #65

2.9.2 → 2.9.3 Patch PR

Open 6 months ago 2 comments

Bump composer/composer from 2.9.2 to 2.9.3

WyriHaximus/php-tile-stitcher #44

2.9.2 → 2.9.3 Patch PR

Open 6 months ago 1 comment

Bump composer/composer from 2.9.2 to 2.9.3

WyriHaximus/php-psr-3-callable-throwable-logger #75

2.9.2 → 2.9.3 Patch PR

Closed 6 months ago 2 comments

Bump composer/composer from 2.9.2 to 2.9.3

WyriHaximus/php-broadcast #329

2.9.2 → 2.9.3 Patch PR

Open 6 months ago 1 comment

Bump composer/composer from 2.9.2 to 2.9.3

WyriHaximus/php-monolog-formatted-psr-handler #88

2.9.2 → 2.9.3 Patch PR

Open 6 months ago 1 comment

Bump composer/composer from 2.9.2 to 2.9.3 in /streetcode

jonesrussell/north-cloud #38

2.9.2 → 2.9.3 Patch PR

Closed 6 months ago 1 comment

Bump composer/composer from 2.9.1 to 2.9.3

librenms/librenms #18726

2.9.1 → 2.9.3 Patch PR

Closed 6 months ago 1 comment

chore(deps-dev): bump composer/composer from 2.9.2 to 2.9.3

UN-OCHA/drupal-starterkit #243

2.9.2 → 2.9.3 Patch PR

Closed 6 months ago 3 comments

chore(deps): bump composer/composer from 2.9.2 to 2.9.3 in the composer group across 1 directory

dfo-osdt/osp #1315

2.9.2 → 2.9.3 Patch PR

Closed 6 months ago 1 comment

chore(deps-dev): bump composer/composer from 2.9.2 to 2.9.3

UN-OCHA/unocha-site #732

2.9.2 → 2.9.3 Patch PR

Open 6 months ago 3 comments

chore(deps-dev): bump composer/composer from 2.9.2 to 2.9.3

UN-OCHA/common-design-site #591

2.9.2 → 2.9.3 Patch PR

Open 6 months ago 3 comments

Bump composer/composer from 2.9.2 to 2.9.3 in /build

unb-libraries/datasets.lib.unb.ca #94

2.9.2 → 2.9.3 Patch PR

Closed 6 months ago 1 comment

Bump composer/composer from 2.9.2 to 2.9.3

phpro/grumphp #1202

2.9.2 → 2.9.3 Patch PR

Closed 6 months ago 1 comment

chore(deps-dev): bump composer/composer from 2.9.2 to 2.9.3 in /tools

atos-df-rennes/prevarisc #284

2.9.2 → 2.9.3 Patch PR

Closed 6 months ago 2 comments

Bump composer/composer from 2.9.2 to 2.9.3 in the composer group across 1 directory

lfai/model_openness_tool #200

2.9.2 → 2.9.3 Patch PR

Open 6 months ago 1 comment

Bump composer/composer from 2.9.2 to 2.9.3

GreenMeteor/composer #53

2.9.2 → 2.9.3 Patch PR

Open 6 months ago 1 comment

Bump composer/composer from 2.9.1 to 2.9.3

jgonyea/wp2grav_exporter #42

2.9.1 → 2.9.3 Patch PR

Closed 6 months ago 1 comment

build(deps): bump composer/composer from 2.9.2 to 2.9.3

ilios/ilios #6766

2.9.2 → 2.9.3 Patch PR

Open 6 months ago 2 comments

Bump composer/composer from 2.9.2 to 2.9.3

cweagans/composer-patches #671

2.9.2 → 2.9.3 Patch PR

Closed 6 months ago 1 comment

Bump composer/composer from 2.9.1 to 2.9.3 in /tests/Composer/fixtures

statamic/cms #13408

2.9.1 → 2.9.3 Patch PR

Closed 6 months ago 1 comment

chore(deps-dev): bump composer/composer from 2.8.9 to 2.9.3

rtCamp/snapwp-helper #119

2.8.9 → 2.9.3 Minor PR

Open 6 months ago 5 comments

build(deps-dev): bump composer/composer from 2.8.8 to 2.9.3

ONLYOFFICE/onlyoffice-docspace-wordpress #54

2.8.8 → 2.9.3 Minor PR

Closed 6 months ago 1 comment

Package Details

Name:	`composer/composer`
Ecosystem:	packagist
PURL Type:	composer
Package URL:	`pkg:composer/composer/composer`
JSON API:	View JSON

Security Advisories

12

Active advisories

HIGH 11

LOW 1

View All composer Advisories

Package Information

Description:

Composer helps you declare, manage and install dependencies of PHP projects. It ensures you have the right stack everywhere.

Repository:	https://github.com/composer/composer
Homepage:	https://getcomposer.org/
Latest Release:	`2.8.9` about 1 year ago
Dependent Repos:	35,414
Dependent Packages:	2,610
Downloads:	162,035,323
Ranking:	Top 0.0479% by dependent repos Top 0.0457% by downloads Top 0.0156% by dependent pkgs

PR Status

Open 87 (40.1%)

Merged 24 (11.1%)

Closed 90 (41.5%)

PR Types

Major 1 (0.5%)

Minor 75 (34.6%)

Patch 125 (57.6%)

composer/composer

Security Advisories

Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial

Composer code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php

Composer Remote Code Execution vulnerability via web-accessible composer.phar

Missing input validation can lead to command execution in composer

Composer allows cache poisoning from other projects built on the same host

Recent PRs

Package Details

Security Advisories

12

Package Information

PR Status

PR Types

`composer/composer`