`composer/composer`

Ecosystem:
packagist

Package URL:
pkg:composer/composer/composer

Total PRs:
217 Dependabot PRs

Latest PR:
21 days ago

Unique Repositories:
128 repositories

Unique Repos (30 days):
4 repositories

Security Advisories

Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial

GHSA-h5h8-pc6h-jvvx CVE-2021-29472 HIGH published about 5 years ago • updated 5 days ago

URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL va...

Composer code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php

GHSA-7c6p-848j-wh5h CVE-2024-24821 HIGH published over 2 years ago • updated 6 days ago

### Impact Several files within the local working directory are included during the invocation of Composer and in the context of the executing use...

View all 12 advisories

Recent PRs (filtered by: Patch PRs )

RSS Feed Clear filter

Bump composer/composer from 2.9.5 to 2.9.8 in /composer/helpers/v2 in the prod-dependencies group across 1 directory

JaclynCodes/dependabot-core #121

2.9.5 → 2.9.8 Patch PR

Closed about 2 months ago 1 comment

Bump composer/composer from 2.9.5 to 2.9.7

jazzsequence/satis-server #84

2.9.5 → 2.9.7 Patch PR

Open about 2 months ago 1 comment

Bump composer/composer from 2.9.5 to 2.9.7

WyriHaximus/php-async-test-utilities #370

2.9.5 → 2.9.7 Patch PR

Closed 2 months ago 2 comments

Bump composer/composer from 2.9.5 to 2.9.7

WyriHaximus/php-psr-3-context-logger #86

2.9.5 → 2.9.7 Patch PR

Closed 2 months ago 2 comments

chore(deps-dev): bump composer/composer from 2.9.5 to 2.9.7 in the composer group across 1 directory

NguyenThanhPhucne/open_crm #10

2.9.5 → 2.9.7 Patch PR

Open 2 months ago 1 comment

Bump composer/composer from 2.9.5 to 2.9.7

acquia/cli #1982

2.9.5 → 2.9.7 Patch PR

Open 2 months ago 3 comments

build(deps): bump composer/composer from 2.9.5 to 2.9.6 in /composer/helpers/v2

dependabot/dependabot-core #14719

2.9.5 → 2.9.6 Patch PR

Closed 2 months ago 1 comment

chore(deps-dev): bump composer/composer from 2.9.5 to 2.9.7

UN-OCHA/response-site #1088

2.9.5 → 2.9.7 Patch PR

Closed 2 months ago 3 comments

Bump the composer group across 1 directory with 2 updates

pixelated-au/streamline #12

2.9.3 → 2.9.6 Patch PR

Closed 2 months ago 1 comment

Bump the composer group across 1 directory with 2 updates

EncoreDigitalGroup/laravel-stripe #90

2.9.3 → 2.9.7 Patch PR

Closed 2 months ago 1 comment

Bump composer/composer from 2.9.2 to 2.9.5

jazzsequence/satis-server #71

2.9.2 → 2.9.5 Patch PR

Open 5 months ago 1 comment

Bump composer/composer from 2.9.2 to 2.9.3

jazzsequence/satis-server #65

2.9.2 → 2.9.3 Patch PR

Open 6 months ago 2 comments

Bump composer/composer from 2.9.2 to 2.9.3

WyriHaximus/php-tile-stitcher #44

2.9.2 → 2.9.3 Patch PR

Open 6 months ago 1 comment

Bump composer/composer from 2.9.2 to 2.9.3

WyriHaximus/php-psr-3-callable-throwable-logger #75

2.9.2 → 2.9.3 Patch PR

Closed 6 months ago 2 comments

Bump composer/composer from 2.9.2 to 2.9.3

WyriHaximus/php-broadcast #329

2.9.2 → 2.9.3 Patch PR

Open 6 months ago 1 comment

Bump composer/composer from 2.9.2 to 2.9.3

WyriHaximus/php-monolog-formatted-psr-handler #88

2.9.2 → 2.9.3 Patch PR

Open 6 months ago 1 comment

Bump composer/composer from 2.9.2 to 2.9.3 in /streetcode

jonesrussell/north-cloud #38

2.9.2 → 2.9.3 Patch PR

Closed 6 months ago 1 comment

Bump composer/composer from 2.9.1 to 2.9.3

librenms/librenms #18726

2.9.1 → 2.9.3 Patch PR

Closed 6 months ago 1 comment

chore(deps-dev): bump composer/composer from 2.9.2 to 2.9.3

UN-OCHA/drupal-starterkit #243

2.9.2 → 2.9.3 Patch PR

Closed 6 months ago 3 comments

chore(deps-dev): bump composer/composer from 2.9.2 to 2.9.3

UN-OCHA/unocha-site #732

2.9.2 → 2.9.3 Patch PR

Open 6 months ago 3 comments

chore(deps): bump composer/composer from 2.9.2 to 2.9.3 in the composer group across 1 directory

dfo-osdt/osp #1315

2.9.2 → 2.9.3 Patch PR

Closed 6 months ago 1 comment

chore(deps-dev): bump composer/composer from 2.9.2 to 2.9.3

UN-OCHA/common-design-site #591

2.9.2 → 2.9.3 Patch PR

Open 6 months ago 3 comments

Bump composer/composer from 2.9.2 to 2.9.3 in /build

unb-libraries/datasets.lib.unb.ca #94

2.9.2 → 2.9.3 Patch PR

Closed 6 months ago 1 comment

Bump composer/composer from 2.9.2 to 2.9.3

phpro/grumphp #1202

2.9.2 → 2.9.3 Patch PR

Closed 6 months ago 1 comment

chore(deps-dev): bump composer/composer from 2.9.2 to 2.9.3 in /tools

atos-df-rennes/prevarisc #284

2.9.2 → 2.9.3 Patch PR

Closed 6 months ago 2 comments

Bump composer/composer from 2.9.2 to 2.9.3 in the composer group across 1 directory

lfai/model_openness_tool #200

2.9.2 → 2.9.3 Patch PR

Open 6 months ago 1 comment

Bump composer/composer from 2.9.2 to 2.9.3

GreenMeteor/composer #53

2.9.2 → 2.9.3 Patch PR

Open 6 months ago 1 comment

Bump composer/composer from 2.9.1 to 2.9.3

jgonyea/wp2grav_exporter #42

2.9.1 → 2.9.3 Patch PR

Closed 6 months ago 1 comment

build(deps): bump composer/composer from 2.9.2 to 2.9.3

ilios/ilios #6766

2.9.2 → 2.9.3 Patch PR

Open 6 months ago 2 comments

Bump composer/composer from 2.9.2 to 2.9.3

cweagans/composer-patches #671

2.9.2 → 2.9.3 Patch PR

Closed 6 months ago 1 comment

Bump composer/composer from 2.9.1 to 2.9.3 in /tests/Composer/fixtures

statamic/cms #13408

2.9.1 → 2.9.3 Patch PR

Closed 6 months ago 1 comment

Bump composer/composer from 2.2.12 to 2.2.24 in /tests/Composer/fixtures

oshkoshbagoshh/aj_statamic_cms #3

2.2.12 → 2.2.24 Patch PR

Closed 7 months ago 1 comment

Bump composer/composer from 2.9.1 to 2.9.2

GreenMeteor/composer #52

2.9.1 → 2.9.2 Patch PR

Open 7 months ago 1 comment

chore(deps-dev): bump composer/composer from 2.9.1 to 2.9.2

netz98/n98-magerun #1630

2.9.1 → 2.9.2 Patch PR

Open 7 months ago 1 comment

Bump the composer group across 1 directory with 9 updates

koushikch7/magento2 #1

2.2.18 → 2.2.24 Patch PR

Closed 7 months ago 1 comment

Bump composer/composer from 1.10.23 to 1.10.27 in /tests/Fake/fake-app

bearsunday/BEAR.Package #445

1.10.23 → 1.10.27 Patch PR

Open 8 months ago 2 comments

chore(deps): bump composer/composer from 2.8.11 to 2.8.12

demos-europe/demosplan-core #5292

2.8.11 → 2.8.12 Patch PR

Merged 9 months ago

Bump composer/composer from 2.8.11 to 2.8.12

EncoreDigitalGroup/PHPGenesis #162

2.8.11 → 2.8.12 Patch PR

Open 9 months ago

Bump composer/composer from 2.8.11 to 2.8.12

EncoreDigitalGroup/stdlib #128

2.8.11 → 2.8.12 Patch PR

Open 9 months ago

Bump composer/composer from 2.8.11 to 2.8.12

GreenMeteor/composer #49

2.8.11 → 2.8.12 Patch PR

Open 9 months ago

(chore): Bump the composer group with 5 updates

yardinternet/wp-user-roles #65

2.8.11 → 2.8.12 Patch PR

Open 9 months ago

Bump composer/composer from 2.8.11 to 2.8.12

roots/wordpress-packager #1187

2.8.11 → 2.8.12 Patch PR

Merged 9 months ago

Bump composer/composer from 2.8.11 to 2.8.12 in the minor-patch group

composer/satis #1042

2.8.11 → 2.8.12 Patch PR

Open 9 months ago

build(deps): bump composer/composer from 2.8.11 to 2.8.12

ilios/ilios #6521

2.8.11 → 2.8.12 Patch PR

Closed 9 months ago 2 comments

Bump composer/composer from 2.8.11 to 2.8.12

rajeshreeputra/composer-patches #63

2.8.11 → 2.8.12 Patch PR

Open 9 months ago

Bump composer/composer from 2.8.11 to 2.8.12

madewithlove/semver #1068

2.8.11 → 2.8.12 Patch PR

Open 9 months ago

Bump composer/composer from 2.8.10 to 2.8.12

jazzsequence/satis-server #30

2.8.10 → 2.8.12 Patch PR

Open 9 months ago

Bump composer/composer from 2.8.11 to 2.8.12

cweagans/composer-patches #644

2.8.11 → 2.8.12 Patch PR

Open 9 months ago

build(deps-dev): bump composer/composer from 2.8.11 to 2.8.12

guanguans/laravel-skeleton #1507

2.8.11 → 2.8.12 Patch PR

Open 9 months ago

bump composer/composer from 2.0.12 to 2.0.13

summercms/laravel-arangodb #5

2.0.12 → 2.0.13 Patch PR

Open 9 months ago

Package Details

Name:	`composer/composer`
Ecosystem:	packagist
PURL Type:	composer
Package URL:	`pkg:composer/composer/composer`
JSON API:	View JSON

Security Advisories

12

Active advisories

HIGH 11

LOW 1

View All composer Advisories

Package Information

Description:

Composer helps you declare, manage and install dependencies of PHP projects. It ensures you have the right stack everywhere.

Repository:	https://github.com/composer/composer
Homepage:	https://getcomposer.org/
Latest Release:	`2.8.9` about 1 year ago
Dependent Repos:	35,414
Dependent Packages:	2,610
Downloads:	162,035,323
Ranking:	Top 0.0479% by dependent repos Top 0.0457% by downloads Top 0.0156% by dependent pkgs

PR Status

Open 87 (40.1%)

Merged 24 (11.1%)

Closed 90 (41.5%)

PR Types

Major 1 (0.5%)

Minor 75 (34.6%)

Patch 125 (57.6%)

composer/composer

Security Advisories

Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial

Composer code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php

Composer Remote Code Execution vulnerability via web-accessible composer.phar

Missing input validation can lead to command execution in composer

Composer allows cache poisoning from other projects built on the same host

Recent PRs (filtered by: Patch PRs )

Package Details

Security Advisories

12

Package Information

PR Status

PR Types

`composer/composer`