Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/laravel/framework@4.0.5
Typecomposer
Namespacelaravel
Nameframework
Version4.0.5
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version10.48.29
Latest_non_vulnerable_version12.1.1
Affected_by_vulnerabilities
0
url VCID-2ujb-xr8g-uqb4
vulnerability_id VCID-2ujb-xr8g-uqb4
summary Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-27515
reference_id
reference_type
scores
0
value 0.00218
scoring_system epss
scoring_elements 0.44506
published_at 2026-06-11T12:55:00Z
1
value 0.00218
scoring_system epss
scoring_elements 0.4466
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-27515
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27515
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27515
2
reference_url https://github.com/laravel/framework
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework
3
reference_url https://github.com/laravel/framework/commit/2d133034fefddfb047838f4caca3687a3ba811a5
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework/commit/2d133034fefddfb047838f4caca3687a3ba811a5
4
reference_url https://github.com/laravel/framework/commit/a4f7a8f9b83e21882abeef78c3174c66b0f4a26b
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework/commit/a4f7a8f9b83e21882abeef78c3174c66b0f4a26b
5
reference_url https://github.com/laravel/framework/security/advisories/GHSA-78fx-h6xr-vch4
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework/security/advisories/GHSA-78fx-h6xr-vch4
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-27515
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-27515
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103881
reference_id 1103881
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103881
8
reference_url https://github.com/advisories/GHSA-78fx-h6xr-vch4
reference_id GHSA-78fx-h6xr-vch4
reference_type
scores
url https://github.com/advisories/GHSA-78fx-h6xr-vch4
fixed_packages
0
url pkg:composer/laravel/framework@10.48.29
purl pkg:composer/laravel/framework@10.48.29
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@10.48.29
1
url pkg:composer/laravel/framework@11.44.1
purl pkg:composer/laravel/framework@11.44.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@11.44.1
2
url pkg:composer/laravel/framework@12.1.1
purl pkg:composer/laravel/framework@12.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@12.1.1
aliases CVE-2025-27515, GHSA-78fx-h6xr-vch4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2ujb-xr8g-uqb4
1
url VCID-37ee-q11f-w3eb
vulnerability_id VCID-37ee-q11f-w3eb
summary 
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Risk of mass-assignment vulnerabilities in laravel framework.
references
0
reference_url https://laravel.com/docs/5.3/upgrade#upgrade-4.1.29
reference_id
reference_type
scores
url https://laravel.com/docs/5.3/upgrade#upgrade-4.1.29
fixed_packages
0
url pkg:composer/laravel/framework@4.1.29
purl pkg:composer/laravel/framework@4.1.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-62fb-25yd-tbgx
2
vulnerability VCID-6kf8-kaxs-2ubs
3
vulnerability VCID-77hd-k355-aybk
4
vulnerability VCID-94xh-sh2d-kkbm
5
vulnerability VCID-dey5-mvbh-8kee
6
vulnerability VCID-dv5r-38eg-w3ea
7
vulnerability VCID-rjva-g7q4-bkha
8
vulnerability VCID-s75k-mye8-2bfw
9
vulnerability VCID-safb-6nw5-2yew
10
vulnerability VCID-te2h-zw6x-tuhq
11
vulnerability VCID-tr3h-je2s-u3g4
12
vulnerability VCID-u7f4-wtvf-gkbf
13
vulnerability VCID-y6fk-xf4d-eqdf
14
vulnerability VCID-yje3-58x5-jqh7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@4.1.29
1
url pkg:composer/laravel/framework@4.2.0-BETA1
purl pkg:composer/laravel/framework@4.2.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-62fb-25yd-tbgx
2
vulnerability VCID-6kf8-kaxs-2ubs
3
vulnerability VCID-77hd-k355-aybk
4
vulnerability VCID-94xh-sh2d-kkbm
5
vulnerability VCID-dey5-mvbh-8kee
6
vulnerability VCID-dv5r-38eg-w3ea
7
vulnerability VCID-rjva-g7q4-bkha
8
vulnerability VCID-safb-6nw5-2yew
9
vulnerability VCID-te2h-zw6x-tuhq
10
vulnerability VCID-u7f4-wtvf-gkbf
11
vulnerability VCID-y6fk-xf4d-eqdf
12
vulnerability VCID-yje3-58x5-jqh7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@4.2.0-BETA1
aliases GMS-2014-42
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-37ee-q11f-w3eb
2
url VCID-62fb-25yd-tbgx
vulnerability_id VCID-62fb-25yd-tbgx
summary 
Unsafe payload decryption
There's a potential exploit of the Laravel Encrypter component that may cause the Encrypter to fail on decryption and unexpectedly return false. To exploit this, the attacker must be able to modify the encrypted payload before it is decrypted. This could lead to unexpected behavior when combined with weak type comparisons.
references
0
reference_url https://medium.com/@taylorotwell/laravel-security-release-5-6-15-and-5-5-40-56f1257933a0
reference_id
reference_type
scores
url https://medium.com/@taylorotwell/laravel-security-release-5-6-15-and-5-5-40-56f1257933a0
fixed_packages
0
url pkg:composer/laravel/framework@5.5.40
purl pkg:composer/laravel/framework@5.5.40
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-3tnn-m2nq-uqc3
2
vulnerability VCID-6kf8-kaxs-2ubs
3
vulnerability VCID-77hd-k355-aybk
4
vulnerability VCID-dey5-mvbh-8kee
5
vulnerability VCID-dv5r-38eg-w3ea
6
vulnerability VCID-rjva-g7q4-bkha
7
vulnerability VCID-safb-6nw5-2yew
8
vulnerability VCID-te2h-zw6x-tuhq
9
vulnerability VCID-tr3h-je2s-u3g4
10
vulnerability VCID-u7f4-wtvf-gkbf
11
vulnerability VCID-ueh2-52a2-juf8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@5.5.40
1
url pkg:composer/laravel/framework@5.6.15
purl pkg:composer/laravel/framework@5.6.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-6kf8-kaxs-2ubs
2
vulnerability VCID-77hd-k355-aybk
3
vulnerability VCID-dey5-mvbh-8kee
4
vulnerability VCID-dv5r-38eg-w3ea
5
vulnerability VCID-rjva-g7q4-bkha
6
vulnerability VCID-safb-6nw5-2yew
7
vulnerability VCID-te2h-zw6x-tuhq
8
vulnerability VCID-tr3h-je2s-u3g4
9
vulnerability VCID-u7f4-wtvf-gkbf
10
vulnerability VCID-ueh2-52a2-juf8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@5.6.15
2
url pkg:composer/laravel/framework@10.36.0
purl pkg:composer/laravel/framework@10.36.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-u7f4-wtvf-gkbf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@10.36.0
aliases GMS-2018-27
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-62fb-25yd-tbgx
3
url VCID-6kf8-kaxs-2ubs
vulnerability_id VCID-6kf8-kaxs-2ubs
summary An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24.0. The $guarded property is mishandled in some situations involving requests with JSON column nesting expressions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-24941
reference_id
reference_type
scores
0
value 0.00214
scoring_system epss
scoring_elements 0.43987
published_at 2026-06-11T12:55:00Z
1
value 0.00214
scoring_system epss
scoring_elements 0.44141
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-24941
1
reference_url https://blog.laravel.com/security-release-laravel-61835-7240
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.laravel.com/security-release-laravel-61835-7240
2
reference_url https://github.com/laravel/framework/commit/897d107775737a958dbd0b2f3ea37877c7526371
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework/commit/897d107775737a958dbd0b2f3ea37877c7526371
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-24941
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-24941
4
reference_url https://github.com/advisories/GHSA-w68r-5p45-5rqp
reference_id GHSA-w68r-5p45-5rqp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w68r-5p45-5rqp
fixed_packages
0
url pkg:composer/laravel/framework@6.18.35
purl pkg:composer/laravel/framework@6.18.35
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-77hd-k355-aybk
2
vulnerability VCID-dey5-mvbh-8kee
3
vulnerability VCID-dv5r-38eg-w3ea
4
vulnerability VCID-eu4h-u34t-yfag
5
vulnerability VCID-muvu-yk1g-quam
6
vulnerability VCID-u7f4-wtvf-gkbf
7
vulnerability VCID-w6h7-vqjt-5khn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@6.18.35
1
url pkg:composer/laravel/framework@7.24.0
purl pkg:composer/laravel/framework@7.24.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-77hd-k355-aybk
2
vulnerability VCID-dey5-mvbh-8kee
3
vulnerability VCID-dv5r-38eg-w3ea
4
vulnerability VCID-eu4h-u34t-yfag
5
vulnerability VCID-u7f4-wtvf-gkbf
6
vulnerability VCID-w6h7-vqjt-5khn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@7.24.0
aliases CVE-2020-24941, GHSA-w68r-5p45-5rqp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6kf8-kaxs-2ubs
4
url VCID-77hd-k355-aybk
vulnerability_id VCID-77hd-k355-aybk
summary Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to its expected type before being passed to the query builder, an unexpected number of query bindings can be added to the query. In some situations, this will simply lead to no results being returned by the query builder; however, it is possible certain queries could be affected in a way that causes the query to return unexpected results.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21263
reference_id
reference_type
scores
0
value 0.01139
scoring_system epss
scoring_elements 0.78825
published_at 2026-06-11T12:55:00Z
1
value 0.01139
scoring_system epss
scoring_elements 0.7889
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21263
1
reference_url https://blog.laravel.com/security-laravel-62011-7302-8221-released
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.laravel.com/security-laravel-62011-7302-8221-released
2
reference_url https://blog.laravel.com/security-laravel-62012-7303-released
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.laravel.com/security-laravel-62012-7303-released
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21263
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21263
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/illuminate/database/CVE-2021-21263.yaml
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/illuminate/database/CVE-2021-21263.yaml
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/laravel/framework/CVE-2021-21263.yaml
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/laravel/framework/CVE-2021-21263.yaml
6
reference_url https://github.com/laravel/framework/pull/35865
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework/pull/35865
7
reference_url https://github.com/laravel/framework/security/advisories/GHSA-3p32-j457-pg5x
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework/security/advisories/GHSA-3p32-j457-pg5x
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21263
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21263
9
reference_url https://packagist.org/packages/illuminate/database
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/illuminate/database
10
reference_url https://packagist.org/packages/laravel/framework
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/laravel/framework
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980095
reference_id 980095
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980095
fixed_packages
0
url pkg:composer/laravel/framework@6.20.11
purl pkg:composer/laravel/framework@6.20.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-77hd-k355-aybk
2
vulnerability VCID-dey5-mvbh-8kee
3
vulnerability VCID-dv5r-38eg-w3ea
4
vulnerability VCID-eu4h-u34t-yfag
5
vulnerability VCID-muvu-yk1g-quam
6
vulnerability VCID-u7f4-wtvf-gkbf
7
vulnerability VCID-w6h7-vqjt-5khn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@6.20.11
1
url pkg:composer/laravel/framework@6.20.12
purl pkg:composer/laravel/framework@6.20.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-dey5-mvbh-8kee
2
vulnerability VCID-dv5r-38eg-w3ea
3
vulnerability VCID-eu4h-u34t-yfag
4
vulnerability VCID-muvu-yk1g-quam
5
vulnerability VCID-u7f4-wtvf-gkbf
6
vulnerability VCID-w6h7-vqjt-5khn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@6.20.12
2
url pkg:composer/laravel/framework@7.30.2
purl pkg:composer/laravel/framework@7.30.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-77hd-k355-aybk
2
vulnerability VCID-dey5-mvbh-8kee
3
vulnerability VCID-dv5r-38eg-w3ea
4
vulnerability VCID-eu4h-u34t-yfag
5
vulnerability VCID-u7f4-wtvf-gkbf
6
vulnerability VCID-w6h7-vqjt-5khn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@7.30.2
3
url pkg:composer/laravel/framework@7.30.3
purl pkg:composer/laravel/framework@7.30.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-dey5-mvbh-8kee
2
vulnerability VCID-dv5r-38eg-w3ea
3
vulnerability VCID-eu4h-u34t-yfag
4
vulnerability VCID-u7f4-wtvf-gkbf
5
vulnerability VCID-w6h7-vqjt-5khn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@7.30.3
4
url pkg:composer/laravel/framework@8.22.1
purl pkg:composer/laravel/framework@8.22.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-4g76-upmf-sqh5
2
vulnerability VCID-dey5-mvbh-8kee
3
vulnerability VCID-dv5r-38eg-w3ea
4
vulnerability VCID-eu4h-u34t-yfag
5
vulnerability VCID-u7f4-wtvf-gkbf
6
vulnerability VCID-w6h7-vqjt-5khn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@8.22.1
aliases CVE-2021-21263, GHSA-3p32-j457-pg5x
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-77hd-k355-aybk
5
url VCID-7muv-8dfc-ukdx
vulnerability_id VCID-7muv-8dfc-ukdx
summary 
Session Fixation
Hijacked authentication cookies vulnerability.
references
0
reference_url https://laravel.com/docs/5.3/upgrade#upgrade-4.1.26
reference_id
reference_type
scores
url https://laravel.com/docs/5.3/upgrade#upgrade-4.1.26
fixed_packages
0
url pkg:composer/laravel/framework@4.1.26
purl pkg:composer/laravel/framework@4.1.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-37ee-q11f-w3eb
2
vulnerability VCID-62fb-25yd-tbgx
3
vulnerability VCID-6kf8-kaxs-2ubs
4
vulnerability VCID-77hd-k355-aybk
5
vulnerability VCID-94xh-sh2d-kkbm
6
vulnerability VCID-dey5-mvbh-8kee
7
vulnerability VCID-dv5r-38eg-w3ea
8
vulnerability VCID-rjva-g7q4-bkha
9
vulnerability VCID-s75k-mye8-2bfw
10
vulnerability VCID-safb-6nw5-2yew
11
vulnerability VCID-te2h-zw6x-tuhq
12
vulnerability VCID-tr3h-je2s-u3g4
13
vulnerability VCID-tube-xb7s-yfay
14
vulnerability VCID-u7f4-wtvf-gkbf
15
vulnerability VCID-y6fk-xf4d-eqdf
16
vulnerability VCID-yje3-58x5-jqh7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@4.1.26
1
url pkg:composer/laravel/framework@10.36.0
purl pkg:composer/laravel/framework@10.36.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-u7f4-wtvf-gkbf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@10.36.0
aliases GMS-2014-41
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7muv-8dfc-ukdx
6
url VCID-94xh-sh2d-kkbm
vulnerability_id VCID-94xh-sh2d-kkbm
summary Laravel before 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-14775
reference_id
reference_type
scores
0
value 0.00289
scoring_system epss
scoring_elements 0.52725
published_at 2026-06-11T12:55:00Z
1
value 0.00289
scoring_system epss
scoring_elements 0.52854
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-14775
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/illuminate/auth/CVE-2017-14775.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/illuminate/auth/CVE-2017-14775.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/laravel/framework/CVE-2017-14775.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/laravel/framework/CVE-2017-14775.yaml
3
reference_url https://github.com/laravel/framework/pull/21320
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework/pull/21320
4
reference_url https://github.com/laravel/framework/releases/tag/v5.5.10
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework/releases/tag/v5.5.10
5
reference_url https://laravel-news.com/laravel-v5-5-11
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://laravel-news.com/laravel-v5-5-11
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-14775
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-14775
fixed_packages
0
url pkg:composer/laravel/framework@5.5.10
purl pkg:composer/laravel/framework@5.5.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-3tnn-m2nq-uqc3
2
vulnerability VCID-62fb-25yd-tbgx
3
vulnerability VCID-6kf8-kaxs-2ubs
4
vulnerability VCID-77hd-k355-aybk
5
vulnerability VCID-dey5-mvbh-8kee
6
vulnerability VCID-dv5r-38eg-w3ea
7
vulnerability VCID-rjva-g7q4-bkha
8
vulnerability VCID-s75k-mye8-2bfw
9
vulnerability VCID-safb-6nw5-2yew
10
vulnerability VCID-te2h-zw6x-tuhq
11
vulnerability VCID-tr3h-je2s-u3g4
12
vulnerability VCID-u7f4-wtvf-gkbf
13
vulnerability VCID-ueh2-52a2-juf8
14
vulnerability VCID-yje3-58x5-jqh7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@5.5.10
aliases CVE-2017-14775, GHSA-c2v7-j5gq-wcq4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-94xh-sh2d-kkbm
7
url VCID-dey5-mvbh-8kee
vulnerability_id VCID-dey5-mvbh-8kee
summary Laravel Framework XSS in Blade templating engine
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-43808
reference_id
reference_type
scores
0
value 0.00359
scoring_system epss
scoring_elements 0.58635
published_at 2026-06-12T12:55:00Z
1
value 0.00359
scoring_system epss
scoring_elements 0.58523
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-43808
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43808
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43808
2
reference_url https://github.com/laravel/framework
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework
3
reference_url https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b
4
reference_url https://github.com/laravel/framework/pull/39906
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework/pull/39906
5
reference_url https://github.com/laravel/framework/pull/39908
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework/pull/39908
6
reference_url https://github.com/laravel/framework/pull/39909
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework/pull/39909
7
reference_url https://github.com/laravel/framework/releases/tag/v6.20.42
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework/releases/tag/v6.20.42
8
reference_url https://github.com/laravel/framework/releases/tag/v7.30.6
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework/releases/tag/v7.30.6
9
reference_url https://github.com/laravel/framework/releases/tag/v8.75.0
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework/releases/tag/v8.75.0
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001333
reference_id 1001333
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001333
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-43808
reference_id CVE-2021-43808
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-43808
12
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/illuminate/view/CVE-2021-43808.yaml
reference_id CVE-2021-43808.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/illuminate/view/CVE-2021-43808.yaml
13
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/laravel/framework/CVE-2021-43808.yaml
reference_id CVE-2021-43808.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/laravel/framework/CVE-2021-43808.yaml
14
reference_url https://github.com/advisories/GHSA-66hf-2p6w-jqfw
reference_id GHSA-66hf-2p6w-jqfw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-66hf-2p6w-jqfw
15
reference_url https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw
reference_id GHSA-66hf-2p6w-jqfw
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw
fixed_packages
0
url pkg:composer/laravel/framework@6.20.42
purl pkg:composer/laravel/framework@6.20.42
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-muvu-yk1g-quam
2
vulnerability VCID-u7f4-wtvf-gkbf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@6.20.42
1
url pkg:composer/laravel/framework@7.30.6
purl pkg:composer/laravel/framework@7.30.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-u7f4-wtvf-gkbf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@7.30.6
2
url pkg:composer/laravel/framework@8.75.0
purl pkg:composer/laravel/framework@8.75.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-4g76-upmf-sqh5
2
vulnerability VCID-u7f4-wtvf-gkbf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@8.75.0
aliases CVE-2021-43808, GHSA-66hf-2p6w-jqfw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dey5-mvbh-8kee
8
url VCID-dv5r-38eg-w3ea
vulnerability_id VCID-dv5r-38eg-w3ea
summary Withdrawn: Laravel Framework does not sufficiently block the upload of executable PHP content.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-43617
reference_id
reference_type
scores
0
value 0.50135
scoring_system epss
scoring_elements 0.97898
published_at 2026-06-12T12:55:00Z
1
value 0.50135
scoring_system epss
scoring_elements 0.97889
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-43617
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43617
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43617
2
reference_url https://github.com/laravel/framework
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework
3
reference_url https://github.com/laravel/framework/blob/2049de73aa099a113a287587df4cc522c90961f5/src/Illuminate/Validation/Concerns/ValidatesAttributes.php#L1130-L1132
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework/blob/2049de73aa099a113a287587df4cc522c90961f5/src/Illuminate/Validation/Concerns/ValidatesAttributes.php#L1130-L1132
4
reference_url https://github.com/laravel/framework/blob/2049de73aa099a113a287587df4cc522c90961f5/src/Illuminate/Validation/Concerns/ValidatesAttributes.php#L1331-L1333
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework/blob/2049de73aa099a113a287587df4cc522c90961f5/src/Illuminate/Validation/Concerns/ValidatesAttributes.php#L1331-L1333
5
reference_url https://github.com/laravel/framework/pull/39666
reference_id
reference_type
scores
url https://github.com/laravel/framework/pull/39666
6
reference_url https://hosein-vita.medium.com/laravel-8-x-image-upload-bypass-zero-day-852bd806019b
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://hosein-vita.medium.com/laravel-8-x-image-upload-bypass-zero-day-852bd806019b
7
reference_url https://salsa.debian.org/php-team/php/-/commit/dc253886b5b2e9bc8d9e36db787abb083a667fd8
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://salsa.debian.org/php-team/php/-/commit/dc253886b5b2e9bc8d9e36db787abb083a667fd8
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002728
reference_id 1002728
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002728
9
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/50525.txt
reference_id CVE-2021-43617
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/50525.txt
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-43617
reference_id CVE-2021-43617
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-43617
11
reference_url https://github.com/advisories/GHSA-364w-9g92-3grq
reference_id GHSA-364w-9g92-3grq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-364w-9g92-3grq
fixed_packages
0
url pkg:composer/laravel/framework@8.73.0
purl pkg:composer/laravel/framework@8.73.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-4g76-upmf-sqh5
2
vulnerability VCID-dey5-mvbh-8kee
3
vulnerability VCID-u7f4-wtvf-gkbf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@8.73.0
1
url pkg:composer/laravel/framework@10.36.0
purl pkg:composer/laravel/framework@10.36.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-u7f4-wtvf-gkbf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@10.36.0
aliases CVE-2021-43617, GHSA-364w-9g92-3grq
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dv5r-38eg-w3ea
9
url VCID-s75k-mye8-2bfw
vulnerability_id VCID-s75k-mye8-2bfw
summary 
Cryptographic Issues
Exploit of encryption failure vulnerability
references
0
reference_url https://medium.com/@taylorotwell/laravel-security-release-5-6-15-and-5-5-40-56f1257933a0
reference_id
reference_type
scores
url https://medium.com/@taylorotwell/laravel-security-release-5-6-15-and-5-5-40-56f1257933a0
fixed_packages
0
url pkg:composer/laravel/framework@4.2.0-BETA1
purl pkg:composer/laravel/framework@4.2.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-62fb-25yd-tbgx
2
vulnerability VCID-6kf8-kaxs-2ubs
3
vulnerability VCID-77hd-k355-aybk
4
vulnerability VCID-94xh-sh2d-kkbm
5
vulnerability VCID-dey5-mvbh-8kee
6
vulnerability VCID-dv5r-38eg-w3ea
7
vulnerability VCID-rjva-g7q4-bkha
8
vulnerability VCID-safb-6nw5-2yew
9
vulnerability VCID-te2h-zw6x-tuhq
10
vulnerability VCID-u7f4-wtvf-gkbf
11
vulnerability VCID-y6fk-xf4d-eqdf
12
vulnerability VCID-yje3-58x5-jqh7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@4.2.0-BETA1
1
url pkg:composer/laravel/framework@5.2.0-beta1
purl pkg:composer/laravel/framework@5.2.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-62fb-25yd-tbgx
2
vulnerability VCID-6kf8-kaxs-2ubs
3
vulnerability VCID-77hd-k355-aybk
4
vulnerability VCID-94xh-sh2d-kkbm
5
vulnerability VCID-dey5-mvbh-8kee
6
vulnerability VCID-dv5r-38eg-w3ea
7
vulnerability VCID-rjva-g7q4-bkha
8
vulnerability VCID-safb-6nw5-2yew
9
vulnerability VCID-te2h-zw6x-tuhq
10
vulnerability VCID-u7f4-wtvf-gkbf
11
vulnerability VCID-y6fk-xf4d-eqdf
12
vulnerability VCID-yje3-58x5-jqh7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@5.2.0-beta1
2
url pkg:composer/laravel/framework@5.3.0-RC1
purl pkg:composer/laravel/framework@5.3.0-RC1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-62fb-25yd-tbgx
2
vulnerability VCID-6kf8-kaxs-2ubs
3
vulnerability VCID-77hd-k355-aybk
4
vulnerability VCID-94xh-sh2d-kkbm
5
vulnerability VCID-dey5-mvbh-8kee
6
vulnerability VCID-dv5r-38eg-w3ea
7
vulnerability VCID-rjva-g7q4-bkha
8
vulnerability VCID-safb-6nw5-2yew
9
vulnerability VCID-te2h-zw6x-tuhq
10
vulnerability VCID-u7f4-wtvf-gkbf
11
vulnerability VCID-y6fk-xf4d-eqdf
12
vulnerability VCID-yje3-58x5-jqh7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@5.3.0-RC1
3
url pkg:composer/laravel/framework@5.5.40
purl pkg:composer/laravel/framework@5.5.40
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-3tnn-m2nq-uqc3
2
vulnerability VCID-6kf8-kaxs-2ubs
3
vulnerability VCID-77hd-k355-aybk
4
vulnerability VCID-dey5-mvbh-8kee
5
vulnerability VCID-dv5r-38eg-w3ea
6
vulnerability VCID-rjva-g7q4-bkha
7
vulnerability VCID-safb-6nw5-2yew
8
vulnerability VCID-te2h-zw6x-tuhq
9
vulnerability VCID-tr3h-je2s-u3g4
10
vulnerability VCID-u7f4-wtvf-gkbf
11
vulnerability VCID-ueh2-52a2-juf8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@5.5.40
4
url pkg:composer/laravel/framework@5.6.15
purl pkg:composer/laravel/framework@5.6.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-6kf8-kaxs-2ubs
2
vulnerability VCID-77hd-k355-aybk
3
vulnerability VCID-dey5-mvbh-8kee
4
vulnerability VCID-dv5r-38eg-w3ea
5
vulnerability VCID-rjva-g7q4-bkha
6
vulnerability VCID-safb-6nw5-2yew
7
vulnerability VCID-te2h-zw6x-tuhq
8
vulnerability VCID-tr3h-je2s-u3g4
9
vulnerability VCID-u7f4-wtvf-gkbf
10
vulnerability VCID-ueh2-52a2-juf8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@5.6.15
5
url pkg:composer/laravel/framework@10.36.0
purl pkg:composer/laravel/framework@10.36.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-u7f4-wtvf-gkbf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@10.36.0
aliases GMS-2018-72
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s75k-mye8-2bfw
10
url VCID-safb-6nw5-2yew
vulnerability_id VCID-safb-6nw5-2yew
summary OS Command Injection in Laravel Framework
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-19316
reference_id
reference_type
scores
0
value 0.04286
scoring_system epss
scoring_elements 0.89134
published_at 2026-06-12T12:55:00Z
1
value 0.04286
scoring_system epss
scoring_elements 0.89096
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-19316
1
reference_url https://github.com/laravel/framework
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework
2
reference_url https://github.com/laravel/framework/commit/44c3feb604944599ad1c782a9942981c3991fa31
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework/commit/44c3feb604944599ad1c782a9942981c3991fa31
3
reference_url http://www.netbytesec.com/advisories/OSCommandInjectionInLaravelFramework
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.netbytesec.com/advisories/OSCommandInjectionInLaravelFramework
4
reference_url http://www.netbytesec.com/advisories/OSCommandInjectionInLaravelFramework/
reference_id
reference_type
scores
url http://www.netbytesec.com/advisories/OSCommandInjectionInLaravelFramework/
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-19316
reference_id CVE-2020-19316
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-19316
6
reference_url https://github.com/advisories/GHSA-w2pm-r78h-4m7v
reference_id GHSA-w2pm-r78h-4m7v
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w2pm-r78h-4m7v
fixed_packages
0
url pkg:composer/laravel/framework@5.8.17
purl pkg:composer/laravel/framework@5.8.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-6kf8-kaxs-2ubs
2
vulnerability VCID-77hd-k355-aybk
3
vulnerability VCID-dey5-mvbh-8kee
4
vulnerability VCID-dv5r-38eg-w3ea
5
vulnerability VCID-muvu-yk1g-quam
6
vulnerability VCID-rjva-g7q4-bkha
7
vulnerability VCID-u7f4-wtvf-gkbf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@5.8.17
aliases CVE-2020-19316, GHSA-w2pm-r78h-4m7v
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-safb-6nw5-2yew
11
url VCID-te2h-zw6x-tuhq
vulnerability_id VCID-te2h-zw6x-tuhq
summary In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-15133
reference_id
reference_type
scores
0
value 0.84447
scoring_system epss
scoring_elements 0.99345
published_at 2026-06-12T12:55:00Z
1
value 0.84447
scoring_system epss
scoring_elements 0.99342
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-15133
1
reference_url https://github.com/kozmic/laravel-poc-CVE-2018-15133
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kozmic/laravel-poc-CVE-2018-15133
2
reference_url https://github.com/laravel/framework
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework
3
reference_url https://github.com/laravel/framework/commit/d84cf988ed5d4661a4bf1fdcb08f5073835083a0
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework/commit/d84cf988ed5d4661a4bf1fdcb08f5073835083a0
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-15133
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-15133
5
reference_url https://github.com/advisories/GHSA-qvqm-h22r-4cp9
reference_id GHSA-qvqm-h22r-4cp9
reference_type
scores
url https://github.com/advisories/GHSA-qvqm-h22r-4cp9
6
reference_url http://packetstormsecurity.com/files/153641/PHP-Laravel-Framework-Token-Unserialize-Remote-Command-Execution.html
reference_id PHP-Laravel-Framework-Token-Unserialize-Remote-Command-Execution.html
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2024-01-17T18:05:27Z/
url http://packetstormsecurity.com/files/153641/PHP-Laravel-Framework-Token-Unserialize-Remote-Command-Execution.html
7
reference_url https://laravel.com/docs/5.6/upgrade#upgrade-5.6.30
reference_id upgrade#upgrade-5.6.30
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2024-01-17T18:05:27Z/
url https://laravel.com/docs/5.6/upgrade#upgrade-5.6.30
fixed_packages
0
url pkg:composer/laravel/framework@5.5.41
purl pkg:composer/laravel/framework@5.5.41
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-3tnn-m2nq-uqc3
2
vulnerability VCID-6kf8-kaxs-2ubs
3
vulnerability VCID-77hd-k355-aybk
4
vulnerability VCID-dey5-mvbh-8kee
5
vulnerability VCID-dv5r-38eg-w3ea
6
vulnerability VCID-rjva-g7q4-bkha
7
vulnerability VCID-safb-6nw5-2yew
8
vulnerability VCID-tr3h-je2s-u3g4
9
vulnerability VCID-u7f4-wtvf-gkbf
10
vulnerability VCID-ueh2-52a2-juf8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@5.5.41
1
url pkg:composer/laravel/framework@5.6.30
purl pkg:composer/laravel/framework@5.6.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-6kf8-kaxs-2ubs
2
vulnerability VCID-77hd-k355-aybk
3
vulnerability VCID-dey5-mvbh-8kee
4
vulnerability VCID-dv5r-38eg-w3ea
5
vulnerability VCID-rjva-g7q4-bkha
6
vulnerability VCID-safb-6nw5-2yew
7
vulnerability VCID-u7f4-wtvf-gkbf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@5.6.30
aliases CVE-2018-15133, GHSA-qvqm-h22r-4cp9
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-te2h-zw6x-tuhq
12
url VCID-tr3h-je2s-u3g4
vulnerability_id VCID-tr3h-je2s-u3g4
summary 
Session Fixation
Cookie serialization vulnerability in laravel framework.
references
fixed_packages
0
url pkg:composer/laravel/framework@4.2.0-BETA1
purl pkg:composer/laravel/framework@4.2.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-62fb-25yd-tbgx
2
vulnerability VCID-6kf8-kaxs-2ubs
3
vulnerability VCID-77hd-k355-aybk
4
vulnerability VCID-94xh-sh2d-kkbm
5
vulnerability VCID-dey5-mvbh-8kee
6
vulnerability VCID-dv5r-38eg-w3ea
7
vulnerability VCID-rjva-g7q4-bkha
8
vulnerability VCID-safb-6nw5-2yew
9
vulnerability VCID-te2h-zw6x-tuhq
10
vulnerability VCID-u7f4-wtvf-gkbf
11
vulnerability VCID-y6fk-xf4d-eqdf
12
vulnerability VCID-yje3-58x5-jqh7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@4.2.0-BETA1
1
url pkg:composer/laravel/framework@5.2.0-beta1
purl pkg:composer/laravel/framework@5.2.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-62fb-25yd-tbgx
2
vulnerability VCID-6kf8-kaxs-2ubs
3
vulnerability VCID-77hd-k355-aybk
4
vulnerability VCID-94xh-sh2d-kkbm
5
vulnerability VCID-dey5-mvbh-8kee
6
vulnerability VCID-dv5r-38eg-w3ea
7
vulnerability VCID-rjva-g7q4-bkha
8
vulnerability VCID-safb-6nw5-2yew
9
vulnerability VCID-te2h-zw6x-tuhq
10
vulnerability VCID-u7f4-wtvf-gkbf
11
vulnerability VCID-y6fk-xf4d-eqdf
12
vulnerability VCID-yje3-58x5-jqh7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@5.2.0-beta1
2
url pkg:composer/laravel/framework@5.3.0-RC1
purl pkg:composer/laravel/framework@5.3.0-RC1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-62fb-25yd-tbgx
2
vulnerability VCID-6kf8-kaxs-2ubs
3
vulnerability VCID-77hd-k355-aybk
4
vulnerability VCID-94xh-sh2d-kkbm
5
vulnerability VCID-dey5-mvbh-8kee
6
vulnerability VCID-dv5r-38eg-w3ea
7
vulnerability VCID-rjva-g7q4-bkha
8
vulnerability VCID-safb-6nw5-2yew
9
vulnerability VCID-te2h-zw6x-tuhq
10
vulnerability VCID-u7f4-wtvf-gkbf
11
vulnerability VCID-y6fk-xf4d-eqdf
12
vulnerability VCID-yje3-58x5-jqh7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@5.3.0-RC1
3
url pkg:composer/laravel/framework@5.5.42
purl pkg:composer/laravel/framework@5.5.42
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-3tnn-m2nq-uqc3
2
vulnerability VCID-6kf8-kaxs-2ubs
3
vulnerability VCID-77hd-k355-aybk
4
vulnerability VCID-dey5-mvbh-8kee
5
vulnerability VCID-dv5r-38eg-w3ea
6
vulnerability VCID-rjva-g7q4-bkha
7
vulnerability VCID-safb-6nw5-2yew
8
vulnerability VCID-u7f4-wtvf-gkbf
9
vulnerability VCID-ueh2-52a2-juf8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@5.5.42
4
url pkg:composer/laravel/framework@5.6.30
purl pkg:composer/laravel/framework@5.6.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-6kf8-kaxs-2ubs
2
vulnerability VCID-77hd-k355-aybk
3
vulnerability VCID-dey5-mvbh-8kee
4
vulnerability VCID-dv5r-38eg-w3ea
5
vulnerability VCID-rjva-g7q4-bkha
6
vulnerability VCID-safb-6nw5-2yew
7
vulnerability VCID-u7f4-wtvf-gkbf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@5.6.30
5
url pkg:composer/laravel/framework@10.36.0
purl pkg:composer/laravel/framework@10.36.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-u7f4-wtvf-gkbf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@10.36.0
aliases GMS-2018-73
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tr3h-je2s-u3g4
13
url VCID-tube-xb7s-yfay
vulnerability_id VCID-tube-xb7s-yfay
summary Laravel Risk of mass-assignment vulnerabilities
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/laravel/framework/2014-05-20.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/laravel/framework/2014-05-20.yaml
1
reference_url https://github.com/laravel/framework
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework
2
reference_url https://github.com/laravel/framework/commit/c942a1bc30999e3d7a5567f264bfc99c77843919
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework/commit/c942a1bc30999e3d7a5567f264bfc99c77843919
3
reference_url https://laravel.com/docs/5.3/upgrade#upgrade-4.1.29
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://laravel.com/docs/5.3/upgrade#upgrade-4.1.29
4
reference_url https://github.com/advisories/GHSA-rj3w-99gc-8j58
reference_id GHSA-rj3w-99gc-8j58
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rj3w-99gc-8j58
fixed_packages
0
url pkg:composer/laravel/framework@4.1.29
purl pkg:composer/laravel/framework@4.1.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-62fb-25yd-tbgx
2
vulnerability VCID-6kf8-kaxs-2ubs
3
vulnerability VCID-77hd-k355-aybk
4
vulnerability VCID-94xh-sh2d-kkbm
5
vulnerability VCID-dey5-mvbh-8kee
6
vulnerability VCID-dv5r-38eg-w3ea
7
vulnerability VCID-rjva-g7q4-bkha
8
vulnerability VCID-s75k-mye8-2bfw
9
vulnerability VCID-safb-6nw5-2yew
10
vulnerability VCID-te2h-zw6x-tuhq
11
vulnerability VCID-tr3h-je2s-u3g4
12
vulnerability VCID-u7f4-wtvf-gkbf
13
vulnerability VCID-y6fk-xf4d-eqdf
14
vulnerability VCID-yje3-58x5-jqh7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@4.1.29
aliases GHSA-rj3w-99gc-8j58
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tube-xb7s-yfay
14
url VCID-u7f4-wtvf-gkbf
vulnerability_id VCID-u7f4-wtvf-gkbf
summary Laravel is a web application framework. When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, and 11.31.0. The framework now ignores argv values for environment detection on non-cli SAPIs.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52301
reference_id
reference_type
scores
0
value 0.65712
scoring_system epss
scoring_elements 0.98529
published_at 2026-06-12T12:55:00Z
1
value 0.65712
scoring_system epss
scoring_elements 0.98525
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52301
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52301
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52301
2
reference_url https://github.com/advisories/GHSA-gv7v-rgg6-548h
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-gv7v-rgg6-548h
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/laravel/framework/CVE-2024-52301.yaml
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/laravel/framework/CVE-2024-52301.yaml
4
reference_url https://github.com/laravel/framework
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework
5
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00019.html
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/12/msg00019.html
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52301
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52301
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088189
reference_id 1088189
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088189
8
reference_url https://github.com/laravel/framework/security/advisories/GHSA-gv7v-rgg6-548h
reference_id GHSA-gv7v-rgg6-548h
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:51:08Z/
url https://github.com/laravel/framework/security/advisories/GHSA-gv7v-rgg6-548h
fixed_packages
0
url pkg:composer/laravel/framework@6.20.45
purl pkg:composer/laravel/framework@6.20.45
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@6.20.45
1
url pkg:composer/laravel/framework@7.30.7
purl pkg:composer/laravel/framework@7.30.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@7.30.7
2
url pkg:composer/laravel/framework@8.83.28
purl pkg:composer/laravel/framework@8.83.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@8.83.28
3
url pkg:composer/laravel/framework@9.0.0-beta.1
purl pkg:composer/laravel/framework@9.0.0-beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-4g76-upmf-sqh5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@9.0.0-beta.1
4
url pkg:composer/laravel/framework@9.52.17
purl pkg:composer/laravel/framework@9.52.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@9.52.17
5
url pkg:composer/laravel/framework@10.48.23
purl pkg:composer/laravel/framework@10.48.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@10.48.23
6
url pkg:composer/laravel/framework@11.31.0
purl pkg:composer/laravel/framework@11.31.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-ek98-7tsj-ckgx
2
vulnerability VCID-g6z6-pj9v-euhn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@11.31.0
aliases CVE-2024-52301, GHSA-gv7v-rgg6-548h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u7f4-wtvf-gkbf
15
url VCID-ujsy-fq1b-4uc8
vulnerability_id VCID-ujsy-fq1b-4uc8
summary Laravel Hijacked authentication cookies vulnerability
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/laravel/framework/2014-04-15.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/laravel/framework/2014-04-15.yaml
1
reference_url https://github.com/laravel/framework
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework
2
reference_url https://laravel.com/docs/5.3/upgrade#upgrade-4.1.26
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://laravel.com/docs/5.3/upgrade#upgrade-4.1.26
3
reference_url https://github.com/advisories/GHSA-p62r-7637-3wwc
reference_id GHSA-p62r-7637-3wwc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p62r-7637-3wwc
fixed_packages
0
url pkg:composer/laravel/framework@4.1.26
purl pkg:composer/laravel/framework@4.1.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-37ee-q11f-w3eb
2
vulnerability VCID-62fb-25yd-tbgx
3
vulnerability VCID-6kf8-kaxs-2ubs
4
vulnerability VCID-77hd-k355-aybk
5
vulnerability VCID-94xh-sh2d-kkbm
6
vulnerability VCID-dey5-mvbh-8kee
7
vulnerability VCID-dv5r-38eg-w3ea
8
vulnerability VCID-rjva-g7q4-bkha
9
vulnerability VCID-s75k-mye8-2bfw
10
vulnerability VCID-safb-6nw5-2yew
11
vulnerability VCID-te2h-zw6x-tuhq
12
vulnerability VCID-tr3h-je2s-u3g4
13
vulnerability VCID-tube-xb7s-yfay
14
vulnerability VCID-u7f4-wtvf-gkbf
15
vulnerability VCID-y6fk-xf4d-eqdf
16
vulnerability VCID-yje3-58x5-jqh7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@4.1.26
aliases GHSA-p62r-7637-3wwc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ujsy-fq1b-4uc8
16
url VCID-y6fk-xf4d-eqdf
vulnerability_id VCID-y6fk-xf4d-eqdf
summary Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-controlled host.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-9303
reference_id
reference_type
scores
0
value 0.00203
scoring_system epss
scoring_elements 0.42425
published_at 2026-06-11T12:55:00Z
1
value 0.00203
scoring_system epss
scoring_elements 0.42588
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-9303
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/illuminate/auth/CVE-2017-9303.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/illuminate/auth/CVE-2017-9303.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/laravel/framework/CVE-2017-9303.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/laravel/framework/CVE-2017-9303.yaml
3
reference_url https://github.com/laravel/framework/commit/cef10551820530632a86fa6f1306fee95c5cac43
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework/commit/cef10551820530632a86fa6f1306fee95c5cac43
4
reference_url https://github.com/laravel/framework/issues/18697
reference_id
reference_type
scores
url https://github.com/laravel/framework/issues/18697
5
reference_url https://laravel.com/docs/5.4/releases#laravel-5.4.22
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://laravel.com/docs/5.4/releases#laravel-5.4.22
6
reference_url https://laravel-news.com/laravel-5-4-22-is-now-released-and-includes-a-security-fix
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://laravel-news.com/laravel-5-4-22-is-now-released-and-includes-a-security-fix
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-9303
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-9303
8
reference_url https://web.archive.org/web/20171021180417/http://www.securityfocus.com/bid/98776
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20171021180417/http://www.securityfocus.com/bid/98776
9
reference_url http://www.securityfocus.com/bid/98776
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/98776
fixed_packages
0
url pkg:composer/laravel/framework@5.4.22
purl pkg:composer/laravel/framework@5.4.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-62fb-25yd-tbgx
2
vulnerability VCID-6kf8-kaxs-2ubs
3
vulnerability VCID-77hd-k355-aybk
4
vulnerability VCID-94xh-sh2d-kkbm
5
vulnerability VCID-dey5-mvbh-8kee
6
vulnerability VCID-dv5r-38eg-w3ea
7
vulnerability VCID-rjva-g7q4-bkha
8
vulnerability VCID-s75k-mye8-2bfw
9
vulnerability VCID-safb-6nw5-2yew
10
vulnerability VCID-te2h-zw6x-tuhq
11
vulnerability VCID-tr3h-je2s-u3g4
12
vulnerability VCID-u7f4-wtvf-gkbf
13
vulnerability VCID-yje3-58x5-jqh7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@5.4.22
aliases CVE-2017-9303, GHSA-rc8x-jrrc-frfv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y6fk-xf4d-eqdf
17
url VCID-yje3-58x5-jqh7
vulnerability_id VCID-yje3-58x5-jqh7
summary Laravel Encrypter Component Potential Decryption Failure Leading to Unintended Behavior
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/laravel/framework/2018-03-30-1.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/laravel/framework/2018-03-30-1.yaml
1
reference_url https://github.com/laravel/framework
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework
2
reference_url https://github.com/laravel/framework/commit/28e53f23a76206fb130e9a54eb95aa3f010e79c9
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework/commit/28e53f23a76206fb130e9a54eb95aa3f010e79c9
3
reference_url https://github.com/laravel/framework/commit/886d261df0854426b4662b7ed5db6a1c575a4279
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework/commit/886d261df0854426b4662b7ed5db6a1c575a4279
4
reference_url https://medium.com/@taylorotwell/laravel-security-release-5-6-15-and-5-5-40-56f1257933a0
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://medium.com/@taylorotwell/laravel-security-release-5-6-15-and-5-5-40-56f1257933a0
5
reference_url https://github.com/advisories/GHSA-7852-w36x-6mf6
reference_id GHSA-7852-w36x-6mf6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7852-w36x-6mf6
fixed_packages
0
url pkg:composer/laravel/framework@5.5.40
purl pkg:composer/laravel/framework@5.5.40
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-3tnn-m2nq-uqc3
2
vulnerability VCID-6kf8-kaxs-2ubs
3
vulnerability VCID-77hd-k355-aybk
4
vulnerability VCID-dey5-mvbh-8kee
5
vulnerability VCID-dv5r-38eg-w3ea
6
vulnerability VCID-rjva-g7q4-bkha
7
vulnerability VCID-safb-6nw5-2yew
8
vulnerability VCID-te2h-zw6x-tuhq
9
vulnerability VCID-tr3h-je2s-u3g4
10
vulnerability VCID-u7f4-wtvf-gkbf
11
vulnerability VCID-ueh2-52a2-juf8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@5.5.40
1
url pkg:composer/laravel/framework@5.6.15
purl pkg:composer/laravel/framework@5.6.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ujb-xr8g-uqb4
1
vulnerability VCID-6kf8-kaxs-2ubs
2
vulnerability VCID-77hd-k355-aybk
3
vulnerability VCID-dey5-mvbh-8kee
4
vulnerability VCID-dv5r-38eg-w3ea
5
vulnerability VCID-rjva-g7q4-bkha
6
vulnerability VCID-safb-6nw5-2yew
7
vulnerability VCID-te2h-zw6x-tuhq
8
vulnerability VCID-tr3h-je2s-u3g4
9
vulnerability VCID-u7f4-wtvf-gkbf
10
vulnerability VCID-ueh2-52a2-juf8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@5.6.15
aliases GHSA-7852-w36x-6mf6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yje3-58x5-jqh7
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@4.0.5