Company:
Date Published:
Author: Thomas Chauchefoin
Word count: 2057
Language: English
Hacker News points: None

Summary

The PEAR (PHP Extension Collection) repository has been found to contain two critical vulnerabilities that could be exploited by threat actors with minimal technical expertise, with the potential for significant disruption and security breaches worldwide. The first vulnerability lies in the password reset functionality and allows an attacker to take over any developer account and publish malicious releases. The second is a bug in the Archive_Tar library that enables remote code execution on the server, giving an attacker persistent access and the ability to alter package releases. Both vulnerabilities had been present for more than a decade and were easy to spot, yet the PEAR maintainers did not patch them until after they were reported. The maintainers have since released patches, and the vulnerabilities were publicly presented at Insomni'hack, underlining the importance of security contributions from the companies that rely on PEAR. Users are advised to review their use of PEAR and to consider migrating to Composer, which has a more active contributor community and offers comparable packages.