OSS Index Helpclose
An open index of open source

 Welcome to the Composer Start Page

Posted by OSS-Index on May 21, 2016

Quick access to Composer auditing tools, search, and recent Composer activity on OSS Index.

 Recent news...


Composer package vulnerability: zeroclipboard

[Duplicate] Filtering query params out of LoaderInfo parameters
Sun Jun 25 23:06:21 EDT 2017

See https://ossindex.net/resource/vulnerability/8402731237




Composer package vulnerability: zeroclipboard

Possible Cross Site Scripting (XSS)
Sun Jun 25 23:03:06 EDT 2017

Some additional XSS hardening has been added to the SWF by verifying that ExternalInterface.objectID matches the expected value.




Composer package vulnerability: datatables

Cross Site Scripting in unit tests
Fri Jun 02 02:17:16 EDT 2017

An XSS vulnerability was identified in the unit tests. The tests should not be installed on a production system, and are likely not contained in all packages, reducing the impact of the bug.




Composer package vulnerability: zeroclipboard

Possible Cross Site Scripting (XSS) in LoaderInfo parameters
Tue May 16 00:49:08 EDT 2017

Allowing non "FlashVars" query parameters might provide a Cross Site Scripting attack vector.




Composer package vulnerability: zeroclipboard

Cross Site Scripting (XSS)
Tue May 16 00:49:07 EDT 2017

An ID is not being escaped, resulting in a possible XSS vulnerability.



Package auditing tools

 Composer [DevAudit] [ALPHA]