Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/illuminate/auth@5.5.0
purl pkg:composer/illuminate/auth@5.5.0
Next non-vulnerable version 5.5.40
Latest non-vulnerable version 5.6.15
Risk
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-eqzu-3cmt-2ube
Aliases:
CVE-2017-14775
GHSA-c2v7-j5gq-wcq4
Close remember_me Timing Attack Vector This package mishandles the `remember_me token` verification process because `DatabaseUserProvider` does not have constant-time token comparison.
5.5.10
Affected by 0 other vulnerabilities.
5.5.15
Affected by 1 other vulnerability.
VCID-yuwm-88g2-jke5
Aliases:
GMS-2018-28
Unsafe payload decryption There's a potential exploit of the Laravel Encrypter component that may cause the Encrypter to fail on decryption and unexpectedly return false. To exploit this, the attacker must be able to modify the encrypted payload before it is decrypted. This could lead to unexpected behavior when combined with weak type comparisons.
5.5.40
Affected by 0 other vulnerabilities.
5.6.15
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-04T20:11:42.656529+00:00 GitLab Importer Affected by VCID-yuwm-88g2-jke5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/illuminate/auth/GMS-2018-28.yml 38.6.0
2026-06-04T20:09:07.577094+00:00 GitLab Importer Affected by VCID-eqzu-3cmt-2ube https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/illuminate/auth/CVE-2017-14775.yml 38.6.0