Vulnerability Database

Composer Packages Exposure

Composer is a dependency manager for PHP. It allows you to declare the libraries your project depends on, and it will manage (install/update) them for you.

Composer artefacts such as composer.json and composer.lock can reveal the presence of internal software dependencies, versions, directories and other sensitive information that can be used by attackers.


Ensure that all build artefacts such as composer.json and composer.lock are removed prior to publishing your solution.
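A pre-publish check along these lines can enforce that step. It is an added example, not part of the original entry: it walks a release directory, flags any composer.json or composer.lock, and lists what each file would disclose. The function names, the sample package name and the URL are assumptions made for illustration.

```python
import json, os, sys, tempfile

ARTEFACTS = {"composer.json", "composer.lock"}
# Constructed sample composer.lock; the package name and URL are placeholders.
SAMPLE_LOCK = {"packages": [{"name": "acme/internal-billing", "version": "2.3.1",
               "source": {"type": "git", "url": "https://git.example.invalid/billing.git"}}]}

def disclosed(path):
    """List what a reader of one Composer artefact learns from it."""
    try:
        with open(path, encoding="utf-8") as fh:
            data = json.load(fh)
        if not isinstance(data, dict):
            raise ValueError("top level is not a JSON object")
    except (OSError, ValueError):
        return ["unparseable, but still present in the release"]
    items = []
    for key in ("packages", "packages-dev"):   # composer.lock: exact resolved versions
        for pkg in data.get(key) or []:
            items.append(f"{pkg.get('name')} {pkg.get('version')}")
            url = (pkg.get("source") or {}).get("url")
            items += [f"source {url}"] if url else []
    for key in ("require", "require-dev"):     # composer.json: version constraints
        items += [f"{n} {c}" for n, c in (data.get(key) or {}).items()]
    repos = data.get("repositories") or []     # may be a list or an object
    if isinstance(repos, dict):
        repos = list(repos.values())
    items += [f"repository {r['url']}" for r in repos if isinstance(r, dict) and r.get("url")]
    return items

def scan(release_dir):
    """Map each Composer artefact under release_dir (vendor/ copies included) to its disclosures."""
    findings = {}
    for dirpath, _dirs, files in os.walk(release_dir):
        for name in ARTEFACTS.intersection(files):
            full = os.path.join(dirpath, name)
            findings[os.path.relpath(full, release_dir)] = disclosed(full)
    return findings

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp()
    if len(sys.argv) == 1:  # no argument: demonstrate on a constructed release tree
        with open(os.path.join(root, "composer.lock"), "w", encoding="utf-8") as fh:
            json.dump(SAMPLE_LOCK, fh)
    found = scan(root)
    for path, items in sorted(found.items()):
        print(path, "->", "; ".join(items))
    sys.exit(1 if found else 0)  # non-zero exit fails the publishing step
```

Run it with the release directory as its only argument; any finding makes it exit non-zero so a build pipeline can stop the publish.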

