Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/laravel/framework@6.20.45
purl pkg:composer/laravel/framework@6.20.45
Next non-vulnerable version 10.48.29
Latest non-vulnerable version 12.1.1
Risk 3.1
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-tzy8-b9et-fyd9
Aliases:
CVE-2025-27515
GHSA-78fx-h6xr-vch4
Laravel has a File Validation Bypass When using wildcard validation to validate a given file or image field array (`files.*`), a user-crafted malicious request could potentially bypass the validation rules.
10.48.29
Affected by 0 other vulnerabilities.
11.44.1
Affected by 0 other vulnerabilities.
12.1.1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-fhw2-erwk-fqf4 Laravel environment manipulation via query string When the `register_argc_argv php` directive is set to `on` , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. CVE-2024-52301
GHSA-gv7v-rgg6-548h

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-06T05:41:29.459164+00:00 GitLab Importer Affected by VCID-tzy8-b9et-fyd9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/laravel/framework/CVE-2025-27515.yml 38.6.0
2026-06-04T16:49:59.838324+00:00 GithubOSV Importer Fixing VCID-fhw2-erwk-fqf4 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-gv7v-rgg6-548h/GHSA-gv7v-rgg6-548h.json 38.6.0
2026-06-04T16:22:36.130162+00:00 GitLab Importer Fixing VCID-fhw2-erwk-fqf4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/laravel/framework/CVE-2024-52301.yml 38.6.0