laravel/framework Security Advisories for 4.0.x-dev (8)
-
[MEDIUM] Laravel has a File Validation Bypass
PKSA-8qx3-n5y5-vvnd CVE-2025-27515 GHSA-78fx-h6xr-vch4
Affected version: <10.48.29|>=11.0.0,<11.44.1|>=12.0.0,<12.1.1
Reported by:
GitHub -
[HIGH] Laravel environment manipulation via query string
PKSA-w7xr-vk7n-rstm CVE-2024-52301 GHSA-gv7v-rgg6-548h
Affected version: <6.20.45|>=7.0.0,<7.30.7|>=8.0.0,<8.83.28|>=9.0.0,<9.52.17|>=10.0.0,<10.48.23|>=11.0.0,<11.31.0
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Laravel Hijacked authentication cookies vulnerability
PKSA-6wgv-k7p1-h4fg GHSA-p62r-7637-3wwc
Affected version: >=4.0.0,<4.1.26
Reported by:
GitHub -
[MEDIUM] Laravel Risk of mass-assignment vulnerabilities
PKSA-11c9-dxsr-yqjb GHSA-rj3w-99gc-8j58
Affected version: >=4.0.0,<4.1.29
Reported by:
GitHub -
[HIGH] Laravel Framework RCE Vulnerability
PKSA-3qhw-gzjt-j63j CVE-2018-15133 GHSA-qvqm-h22r-4cp9
Affected version: >=5.6.0,<=5.6.29|<=5.5.40
Reported by:
GitHub -
[HIGH] OS Command Injection in Laravel Framework
PKSA-17kp-jm2n-vxzz CVE-2020-19316 GHSA-w2pm-r78h-4m7v
Affected version: <5.8.17
Reported by:
GitHub -
[HIGH] Improper Input Validation in Laravel
PKSA-7ywf-hktb-jkn9 CVE-2020-24941 GHSA-w68r-5p45-5rqp
Affected version: >=7.0.0,<7.24.0|<6.18.35
Reported by:
GitHub -
[MEDIUM] Possible cross-site scripting (XSS) vulnerability in the Blade templating engine
PKSA-njrm-6dtg-m2pc CVE-2021-43808 GHSA-66hf-2p6w-jqfw
Affected version: <6.20.42|>=7.0.0,<7.30.6|>=8.0.0,<8.75.0
Reported by:
GitHub, FriendsOfPHP/security-advisories