VulnerableCode Package Details - pkg:composer/laravel/framework@6.20.26

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-hca6-rm5r-2ufs	laravel framework SQL Injection via limit and offset functions Those using SQL Server with Laravel and allowing user input to be passed directly to the limit and offset functions are vulnerable to SQL injection. Other database drivers such as MySQL and Postgres are not affected by this vulnerability.	GHSA-wq8p-mqvg-2p5h
VCID-zj39-eevs-kug3	SQL Server LIMIT / OFFSET SQL Injection in laravel/framework and illuminate/database ### Impact Those using SQL Server with Laravel and allowing user input to be passed directly to the `limit` and `offset` functions is vulnerable to SQL injection. Other database drivers such as MySQL and Postgres are not affected by this vulnerability. ### Patches This problem has been patched on Laravel versions 6.20.26, 7.30.5, and 8.40.0. ### Workarounds You may workaround this vulnerability by ensuring that only integers are passed to the `limit` and `offset` functions, as well as the `skip` and `take` functions.	GHSA-4mg9-vhxq-vm7j GMS-2021-113 GMS-2021-115

Vulnerability

Summary

Aliases

VCID-hca6-rm5r-2ufs

laravel framework SQL Injection via limit and offset functions Those using SQL Server with Laravel and allowing user input to be passed directly to the limit and offset functions are vulnerable to SQL injection. Other database drivers such as MySQL and Postgres are not affected by this vulnerability.

GHSA-wq8p-mqvg-2p5h

VCID-zj39-eevs-kug3

SQL Server LIMIT / OFFSET SQL Injection in laravel/framework and illuminate/database ### Impact Those using SQL Server with Laravel and allowing user input to be passed directly to the `limit` and `offset` functions is vulnerable to SQL injection. Other database drivers such as MySQL and Postgres are not affected by this vulnerability. ### Patches This problem has been patched on Laravel versions 6.20.26, 7.30.5, and 8.40.0. ### Workarounds You may workaround this vulnerability by ensuring that only integers are passed to the `limit` and `offset` functions, as well as the `skip` and `take` functions.

GHSA-4mg9-vhxq-vm7j
GMS-2021-113
GMS-2021-115

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T17:27:04.403989+00:00	GithubOSV Importer	Fixing	VCID-zj39-eevs-kug3	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-4mg9-vhxq-vm7j/GHSA-4mg9-vhxq-vm7j.json	38.6.0
2026-06-04T16:51:11.506336+00:00	GithubOSV Importer	Fixing	VCID-hca6-rm5r-2ufs	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-wq8p-mqvg-2p5h/GHSA-wq8p-mqvg-2p5h.json	38.6.0
2026-06-04T16:21:42.893344+00:00	GitLab Importer	Fixing	VCID-hca6-rm5r-2ufs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/laravel/framework/GHSA-wq8p-mqvg-2p5h.yml	38.6.0
2026-06-04T16:21:07.492557+00:00	GitLab Importer	Fixing	VCID-zj39-eevs-kug3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/laravel/framework/GMS-2021-115.yml	38.6.0