vulnerabilities in composer dependencies

ugh, composer.

There are 4 composer security advisories affecting our repositories.

swiftmailer/swiftmailer (CVE-2024-28859)

Deserialization Gadget chain in Swift Mailer
details

Affected repositories (1)

mediawiki/extensions/SwiftMailer

twig/twig (CVE-2024-51754)

Unguarded calls to __toString() when nesting an object into an array
details

Affected repositories (1)

wikimedia/slimapp

twig/twig (CVE-2024-51755)

Unguarded calls to __isset() and to array-accesses when the sandbox is enabled
details

Affected repositories (1)

wikimedia/slimapp

phpoffice/phpspreadsheet (CVE-2025-54370)

PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser
details

Affected repositories (1)

mediawiki/extensions/DataTransfer

Source code is licensed under the AGPL.