FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2026-04-16 08:20:54 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
7a7a17b2-381c-11f1-a663-10ffe07f9334PHP Composer -- Multiple vulnerabilities

Composer project reports:

Fixed command injection via malicious Perforce reference (GHSA-gqw4-4w2p-838q / CVE-2026-40261)

Fixed command injection via malicious Perforce repository definition (GHSA-wg36-wvj6-r67p / CVE-2026-40176)


Discovery 2026-04-14
Entry 2026-04-14
php82-composer
php83-composer
php84-composer
php85-composer
< 2.9.6

CVE-2026-40261
CVE-2026-40176
https://github.com/composer/composer/releases/tag/2.9.6