Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/laravel/framework@10.36.0
purl pkg:composer/laravel/framework@10.36.0
Next non-vulnerable version 10.48.29
Latest non-vulnerable version 12.1.1
Risk
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-fhw2-erwk-fqf4
Aliases:
CVE-2024-52301
GHSA-gv7v-rgg6-548h
Laravel environment manipulation via query string When the `register_argc_argv php` directive is set to `on` , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request.
10.48.23
Affected by 1 other vulnerability.
11.31.0
Affected by 3 other vulnerabilities.
VCID-tzy8-b9et-fyd9
Aliases:
CVE-2025-27515
GHSA-78fx-h6xr-vch4
Laravel has a File Validation Bypass When using wildcard validation to validate a given file or image field array (`files.*`), a user-crafted malicious request could potentially bypass the validation rules.
10.48.29
Affected by 0 other vulnerabilities.
11.44.1
Affected by 0 other vulnerabilities.
12.1.1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (5)
Vulnerability Summary Aliases
VCID-aju9-h338-mfhf Cryptographic Issues Exploit of encryption failure vulnerability GMS-2018-72
VCID-c1e9-2tyr-j3e9 Session Fixation Cookie serialization vulnerability in laravel framework. GMS-2018-73
VCID-usjt-qpea-6yac Session Fixation Hijacked authentication cookies vulnerability. GMS-2014-41
VCID-xv5e-yt52-d7ae Unrestricted Upload of File with Dangerous Type Laravel Framework does not sufficiently block the upload of executable PHP content because `Illuminate/Validation/Concerns/ValidatesAttributes.php` lacks a check for `.phar` files, which are handled as application/x-httpd-php on systems based on Debian. Note, this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload. CVE-2021-43617
GHSA-364w-9g92-3grq
VCID-zg1j-9fvd-bqek Unsafe payload decryption There's a potential exploit of the Laravel Encrypter component that may cause the Encrypter to fail on decryption and unexpectedly return false. To exploit this, the attacker must be able to modify the encrypted payload before it is decrypted. This could lead to unexpected behavior when combined with weak type comparisons. GMS-2018-27

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-06T05:41:31.352177+00:00 GitLab Importer Affected by VCID-tzy8-b9et-fyd9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/laravel/framework/CVE-2025-27515.yml 38.6.0
2026-06-06T05:30:58.558800+00:00 GitLab Importer Affected by VCID-fhw2-erwk-fqf4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/laravel/framework/CVE-2024-52301.yml 38.6.0
2026-06-06T01:09:24.409850+00:00 GitLab Importer Fixing VCID-xv5e-yt52-d7ae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/laravel/framework/CVE-2021-43617.yml 38.6.0
2026-06-04T20:14:23.760354+00:00 GitLab Importer Fixing VCID-c1e9-2tyr-j3e9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/laravel/framework/GMS-2018-73.yml 38.6.0
2026-06-04T20:11:44.115679+00:00 GitLab Importer Fixing VCID-aju9-h338-mfhf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/laravel/framework/GMS-2018-72.yml 38.6.0
2026-06-04T20:11:43.426398+00:00 GitLab Importer Fixing VCID-zg1j-9fvd-bqek https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/laravel/framework/GMS-2018-27.yml 38.6.0
2026-06-04T20:04:06.775114+00:00 GitLab Importer Fixing VCID-usjt-qpea-6yac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/laravel/framework/GMS-2014-41.yml 38.6.0