VulnerableCode Package Details - pkg:composer/laravel/framework@8.83.18

Search for packages

Vulnerability	Summary	Fixed by
VCID-2ujb-xr8g-uqb4 Aliases: CVE-2025-27515 GHSA-78fx-h6xr-vch4	Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1.	10.48.29 Affected by 0 other vulnerabilities. 11.44.1 Affected by 0 other vulnerabilities. 12.1.1 Affected by 0 other vulnerabilities.
VCID-4g76-upmf-sqh5 Aliases: CVE-2022-40482	The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a user is found to not exist.	9.32.0 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-u7f4-wtvf-gkbf Aliases: CVE-2024-52301 GHSA-gv7v-rgg6-548h	Laravel is a web application framework. When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, and 11.31.0. The framework now ignores argv values for environment detection on non-cli SAPIs.	8.83.28 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 9.0.0-beta.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 9.52.17 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 10.48.23 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 11.31.0 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-2ujb-xr8g-uqb4
Aliases:
CVE-2025-27515
GHSA-78fx-h6xr-vch4

Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1.

10.48.29
Affected by 0 other vulnerabilities.

11.44.1
Affected by 0 other vulnerabilities.

12.1.1
Affected by 0 other vulnerabilities.

VCID-4g76-upmf-sqh5
Aliases:
CVE-2022-40482

The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a user is found to not exist.

9.32.0
Affected by 2 other vulnerabilities.

VCID-u7f4-wtvf-gkbf
Aliases:
CVE-2024-52301
GHSA-gv7v-rgg6-548h

Laravel is a web application framework. When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, and 11.31.0. The framework now ignores argv values for environment detection on non-cli SAPIs.

8.83.28
Affected by 1 other vulnerability.

9.0.0-beta.1
Affected by 2 other vulnerabilities.

9.52.17
Affected by 1 other vulnerability.

10.48.23
Affected by 1 other vulnerability.

11.31.0
Affected by 3 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T19:54:10.961605+00:00	GitLab Importer	Affected by	VCID-2ujb-xr8g-uqb4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/laravel/framework/CVE-2025-27515.yml	38.6.0
2026-06-12T19:46:35.682501+00:00	GitLab Importer	Affected by	VCID-u7f4-wtvf-gkbf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/laravel/framework/CVE-2024-52301.yml	38.6.0
2026-06-12T18:53:22.893851+00:00	GitLab Importer	Affected by	VCID-4g76-upmf-sqh5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/laravel/framework/CVE-2022-40482.yml	38.6.0