Composer Vulnerability Archive

Recent and critical CVEs affecting Composer packages. Kodem’s runtime-powered SCA identifies which are actually reachable in your applications.

Recent Composer CVEs
| CVE | Package / summary | Severity |
| --- | --- | --- |
| CVE-2026-55878 | symfony/ux-toolkit · symfony/ux-toolkit: Path Traversal Allows Arbitrary File Write and Read via… | High |
| CVE-2026-55877 | symfony/ux-icons · symfony/ux-icons: XSS via unsanitized SVG content in local files and Iconify… | Medium |
| CVE-2026-55692 | starcitizenwiki/embedvideo · StarCitizenWiki Extension Embed Video: Stored XSS via malformed src url with… | High |
| CVE-2026-55691 | starcitizenwiki/embedvideo · StarCitizenWiki Extension Embed Video: Stored XSS via unsanitized class passed… | High |
| CVE-2026-55690 | starcitizenwiki/embedvideo · StarCitizenWiki Extension Embed Video: Stored XSS via unsanitized service name… | High |
| CVE-2026-55767 | guzzlehttp/guzzle · guzzlehttp/guzzle: Dot-Only Cookie Domains Match All Hosts | Medium |
| CVE-2026-55766 | guzzlehttp/psr7 · guzzlehttp/psr7: CRLF Injection in HTTP Start-Line Serialization | Medium |
| CVE-2026-55568 | guzzlehttp/guzzle · guzzlehttp/guzzle: Silent HTTPS-Proxy Downgrade to Cleartext | Medium |
| CVE-2026-55375 | jleehr/canto-saas-api · canto-saas-api: OAuth credentials exposed in URL query string and exception… | Medium |
| CVE-2026-55374 | jleehr/canto-saas-api · canto-saas-api: Authenticated API requests can be redirected via unencoded path… | Medium |
| CVE-2026-55890 | getgrav/grav · Grav: Stored CSS injection via Markdown image ?style=… reaches… | Medium |
| CVE-2026-55885 | getgrav/grav · Grav: Admin Backup Zip File Exposes Account Credentials and Configuration… | Medium |
| CVE-2026-55746 | cotonti/cotonti · Cotonti: Stored Cross-Site Scripting in the Personal File Storage (PFS) module | High |
| CVE-2026-55745 | cotonti/cotonti · Cotonti: Cross-Site Request Forgery in the Personal File Storage (PFS) module | Medium |
| CVE-2026-55742 | cotonti/cotonti · Cotonti: Cross-Site Request Forgery in the administration rights handler | Critical |
| CVE-2026-55744 | cotonti/cotonti · Cotonti: Cross-Site Request Forgery in the Personal File Storage (PFS) module | High |
| CVE-2026-11407 | pimcore/pimcore · Pimcore CMS Twig Sandbox Bypass via SecurityPolicy checkMethodAllowed | High |
| CVE-2026-55409 | filament/forms · Filament: Disabled RichEditor field state can be used for XSS | High |
