Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/laravel/framework@11.34.0
Typecomposer
Namespacelaravel
Nameframework
Version11.34.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version11.44.1
Latest_non_vulnerable_version12.1.1
Affected_by_vulnerabilities
0
url VCID-4gte-7mxp-qfbf
vulnerability_id VCID-4gte-7mxp-qfbf
summary 
Laravel framework susceptible to reflected cross-site scripting
The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-13918
reference_id
reference_type
scores
0
value 0.01054
scoring_system epss
scoring_elements 0.77949
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-13918
1
reference_url https://github.com/laravel/framework
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework
2
reference_url https://github.com/laravel/framework/commit/45287fb2a91c69bb1c110539b9b7341faf5aee33
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework/commit/45287fb2a91c69bb1c110539b9b7341faf5aee33
3
reference_url https://github.com/laravel/framework/pull/53869
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-10T12:55:25Z/
url https://github.com/laravel/framework/pull/53869
4
reference_url https://github.com/laravel/framework/releases/tag/v11.36.0
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-10T12:55:25Z/
url https://github.com/laravel/framework/releases/tag/v11.36.0
5
reference_url https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-01_Laravel_Reflected_XSS_via_Request_Parameter_in_Debug-Mode_Error_Page
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-10T12:55:25Z/
url https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-01_Laravel_Reflected_XSS_via_Request_Parameter_in_Debug-Mode_Error_Page
6
reference_url http://www.openwall.com/lists/oss-security/2025/03/10/3
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/03/10/3
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-13918
reference_id CVE-2024-13918
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-13918
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/laravel/framework/CVE-2024-13918.yaml
reference_id CVE-2024-13918.YAML
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/laravel/framework/CVE-2024-13918.yaml
9
reference_url https://github.com/advisories/GHSA-546h-56qp-8jmw
reference_id GHSA-546h-56qp-8jmw
reference_type
scores
url https://github.com/advisories/GHSA-546h-56qp-8jmw
fixed_packages
0
url pkg:composer/laravel/framework@11.36.0
purl pkg:composer/laravel/framework@11.36.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-tzy8-b9et-fyd9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@11.36.0
aliases CVE-2024-13918, GHSA-546h-56qp-8jmw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4gte-7mxp-qfbf
1
url VCID-9xkc-cfyx-1qaw
vulnerability_id VCID-9xkc-cfyx-1qaw
summary 
Laravel framework susceptible to reflected cross-site scripting
The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-13919
reference_id
reference_type
scores
0
value 0.00254
scoring_system epss
scoring_elements 0.49006
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-13919
1
reference_url https://github.com/laravel/framework
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework
2
reference_url https://github.com/laravel/framework/commit/45287fb2a91c69bb1c110539b9b7341faf5aee33
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework/commit/45287fb2a91c69bb1c110539b9b7341faf5aee33
3
reference_url https://github.com/laravel/framework/pull/53869
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-10T12:38:06Z/
url https://github.com/laravel/framework/pull/53869
4
reference_url https://github.com/laravel/framework/releases/tag/v11.36.0
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-10T12:38:06Z/
url https://github.com/laravel/framework/releases/tag/v11.36.0
5
reference_url https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-02_Laravel_Reflected_XSS_via_Route_Parameter_in_Debug-Mode_Error_Page
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-10T12:38:06Z/
url https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-02_Laravel_Reflected_XSS_via_Route_Parameter_in_Debug-Mode_Error_Page
6
reference_url http://www.openwall.com/lists/oss-security/2025/03/10/4
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/03/10/4
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-13919
reference_id CVE-2024-13919
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-13919
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/laravel/framework/CVE-2024-13919.yaml
reference_id CVE-2024-13919.YAML
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/laravel/framework/CVE-2024-13919.yaml
9
reference_url https://github.com/advisories/GHSA-83wp-f5c3-hqqr
reference_id GHSA-83wp-f5c3-hqqr
reference_type
scores
url https://github.com/advisories/GHSA-83wp-f5c3-hqqr
fixed_packages
0
url pkg:composer/laravel/framework@11.36.0
purl pkg:composer/laravel/framework@11.36.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-tzy8-b9et-fyd9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@11.36.0
aliases CVE-2024-13919, GHSA-83wp-f5c3-hqqr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9xkc-cfyx-1qaw
2
url VCID-tzy8-b9et-fyd9
vulnerability_id VCID-tzy8-b9et-fyd9
summary 
Laravel has a File Validation Bypass
When using wildcard validation to validate a given file or image field array (`files.*`), a user-crafted malicious request could potentially bypass the validation rules.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-27515
reference_id
reference_type
scores
0
value 0.00284
scoring_system epss
scoring_elements 0.52052
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-27515
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27515
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27515
2
reference_url https://github.com/laravel/framework
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework
3
reference_url https://github.com/laravel/framework/commit/2d133034fefddfb047838f4caca3687a3ba811a5
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework/commit/2d133034fefddfb047838f4caca3687a3ba811a5
4
reference_url https://github.com/laravel/framework/commit/a4f7a8f9b83e21882abeef78c3174c66b0f4a26b
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework/commit/a4f7a8f9b83e21882abeef78c3174c66b0f4a26b
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103881
reference_id 1103881
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103881
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-27515
reference_id CVE-2025-27515
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-27515
7
reference_url https://github.com/advisories/GHSA-78fx-h6xr-vch4
reference_id GHSA-78fx-h6xr-vch4
reference_type
scores
url https://github.com/advisories/GHSA-78fx-h6xr-vch4
8
reference_url https://github.com/laravel/framework/security/advisories/GHSA-78fx-h6xr-vch4
reference_id GHSA-78fx-h6xr-vch4
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/laravel/framework/security/advisories/GHSA-78fx-h6xr-vch4
fixed_packages
0
url pkg:composer/laravel/framework@11.44.1
purl pkg:composer/laravel/framework@11.44.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@11.44.1
1
url pkg:composer/laravel/framework@12.1.1
purl pkg:composer/laravel/framework@12.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@12.1.1
aliases CVE-2025-27515, GHSA-78fx-h6xr-vch4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tzy8-b9et-fyd9
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/laravel/framework@11.34.0