Composer ↗
Composer · Web / Runtime
62/100 Attention
Summary iPlain-English security verdict for Composer, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.
Composer currently scores 62/100 — needs attention. No tracked vulnerabilities are currently known to be exploited in the wild. Patch the open issues below when you can.
Disclosure trend iNew CVEs published for Composer each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.
'19
'20
'21
'22
'23
'24
'25
'26
Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.
No urgent unpatched issues identified. ✓
ℹ lifecycle unknown — needs latest supported version