DRUPAL-CONTRIB-2026-046

See a problem?
Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/composer/DRUPAL-CONTRIB-2026-046.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2026-046
Aliases
  • CVE-2026-11914
Published
2026-06-10T17:09:45Z
Modified
2026-06-10T21:00:05.163464908Z
Summary
[none]
Details

The security team is marking the Composer module for Drupal project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#s-becoming-owner-maintainer-or-co-mai...

Note: this is about a project for the Drupal system that makes use of composer. It is not a vulnerability in the composer software itself.

References

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/composer

Package

Name
drupal/composer
Purl
pkg:composer/drupal%2Fcomposer

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Database specific 
{
    "constraint": "*"
}

Database specific

affected_versions 
"*"
source 
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/composer/DRUPAL-CONTRIB-2026-046.json"