Package details: pkg:composer/laravel/framework@5.6.30
purl pkg:composer/laravel/framework@5.6.30
Vulnerabilities affecting this package (0)
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (3)
| Vulnerability | Summary | Aliases |
| --- | --- | --- |
| VCID-1apm-fx9d-3ufe | Laravel Framework RCE Vulnerability: In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in `Illuminate/Encryption/Encrypter.php` and PendingBroadcast in `gadgetchains/Laravel/RCE/3/chain.php` in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack. | CVE-2018-15133, GHSA-qvqm-h22r-4cp9 |
| VCID-c1e9-2tyr-j3e9 | Session Fixation Cookie serialization vulnerability in laravel framework. | GMS-2018-73 |
| VCID-tvc5-aur6-v3dq | Laravel Cookie serialization vulnerability: Laravel 5.6.30 is a security release of Laravel and is recommended as an immediate upgrade for all users. Laravel 5.6.30 also contains a breaking change to cookie encryption and serialization logic. Refer to [laravel advisory](https://laravel.com/docs/5.6/upgrade#upgrade-5.6.30) for more details and read the notes carefully when upgrading your application. | GHSA-6jvx-8ch9-j2jr |