GitHub Actions issued GITHUB_TOKEN disclosure in GitHub Actions logs
Summary
A security vulnerability in GitHub Actions led to the disclosure of GITHUB_TOKEN in logs, potentially exposing credentials.
Cached at: 05/13/26, 09:16 PM
composer/composer
Source: https://github.com/composer/composer
Dependency Management for PHP
Composer helps you declare, manage, and install dependencies of PHP projects.
See https://getcomposer.org/ for more information and documentation.
Installation / Usage
Download and install Composer by following the official instructions.
For usage, see the documentation.
Packages
Find public packages on Packagist.org.
For private package hosting take a look at Private Packagist.
Community
Follow @packagist or @seldaek on X for announcements, or check the #composerphp hashtag.
For support, Stack Overflow offers a good collection of Composer related questions, or you can use the GitHub discussions.
Please note that this project is released with a Contributor Code of Conduct. By participating in this project and its community you agree to abide by those terms.
Requirements
Latest Composer
PHP 7.2.5 or above for the latest version.
Composer 2.2 LTS (Long Term Support)
PHP versions 5.3.2 - 8.1 are still supported via the LTS releases of Composer (2.2.x). If you
run the installer or the self-update command the appropriate Composer version for your PHP
should be automatically selected.
Binary dependencies
- unzip (or 7z/7zz)
- gzip
- tar
- unrar
- xz
- Git (git)
- Mercurial (hg)
- Fossil (fossil)
- Perforce (p4)
- Subversion (svn)
The need for these binary dependencies may vary depending on individual use cases. For most users,
only 2 dependencies are essential for Composer: unzip (or 7z/7zz), and git. If the
ext-zip extension is available, only git
is needed, but this is not recommended.
Authors
- Nils Adermann | GitHub | X | [email protected] | naderman.de
- Jordi Boggiano | GitHub | X | [email protected] | seld.be
See also the list of contributors who participated in this project.
Security Reports
Please send any sensitive issue to [email protected]. Thanks!
License
Composer is licensed under the MIT License - see the LICENSE file for details.
Acknowledgments
- This project’s Solver started out as a PHP port of openSUSE’s Libzypp satsolver.