Security Advisories - laravel/framework

laravel/framework Security Advisories for v5.5.29 (10)

[MEDIUM] Laravel has a File Validation Bypass

PKSA-8qx3-n5y5-vvnd CVE-2025-27515 GHSA-78fx-h6xr-vch4

Affected version: <10.48.29|>=11.0.0,<11.44.1|>=12.0.0,<12.1.1

Reported by:
GitHub
[HIGH] Laravel environment manipulation via query string

PKSA-w7xr-vk7n-rstm CVE-2024-52301 GHSA-gv7v-rgg6-548h

Affected version: <6.20.45|>=7.0.0,<7.30.7|>=8.0.0,<8.83.28|>=9.0.0,<9.52.17|>=10.0.0,<10.48.23|>=11.0.0,<11.31.0

Reported by:
GitHub, FriendsOfPHP/security-advisories
[HIGH] Laravel Framework RCE Vulnerability

PKSA-3qhw-gzjt-j63j CVE-2018-15133 GHSA-qvqm-h22r-4cp9

Affected version: >=5.6.0,<=5.6.29|<=5.5.40

Reported by:
GitHub
[HIGH] OS Command Injection in Laravel Framework

PKSA-17kp-jm2n-vxzz CVE-2020-19316 GHSA-w2pm-r78h-4m7v

Affected version: <5.8.17

Reported by:
GitHub
[HIGH] Improper Input Validation in Laravel

PKSA-7ywf-hktb-jkn9 CVE-2020-24941 GHSA-w68r-5p45-5rqp

Affected version: >=7.0.0,<7.24.0|<6.18.35

Reported by:
GitHub
[MEDIUM] Possible cross-site scripting (XSS) vulnerability in the Blade templating engine

PKSA-njrm-6dtg-m2pc CVE-2021-43808 GHSA-66hf-2p6w-jqfw

Affected version: <6.20.42|>=7.0.0,<7.30.6|>=8.0.0,<8.75.0

Reported by:
GitHub, FriendsOfPHP/security-advisories
[CRITICAL] Guard bypass in Eloquent models

PKSA-vhvj-tvg4-96jj GHSA-qm5c-m76r-2hfr

Affected version: >=5.5.0,<=5.5.49|>=6.0.0,<6.18.34|>=7.0.0,<7.23.2

Reported by:
GitHub, FriendsOfPHP/security-advisories
[MEDIUM] RCE vulnerability in "cookie" session driver

PKSA-nrj3-r2wg-yt8b GHSA-vr95-p7q6-8m9q

Affected version: >=4.1.0,<=4.1.99999|>=4.2.0,<=4.2.99999|>=5.0.0,<=5.0.99999|>=5.1.0,<=5.1.99999|>=5.2.0,<=5.2.99999|>=5.3.0,<=5.3.99999|>=5.4.0,<=5.4.99999|>=5.5.0,<=5.5.49|>=5.6.0,<=5.6.99999|>=5.7.0,<=5.7.99999|>=5.8.0,<=5.8.99999|>=6.0.0,<6.18.31|>=7.0.0,<7.22.4

Reported by:
GitHub, FriendsOfPHP/security-advisories
[HIGH] Cookie serialization vulnerability

PKSA-mhj3-vthf-h41n GHSA-jwvj-pwww-3mj5

Affected version: >=4.0.0,<=4.0.11|>=4.1.0,<=4.1.31|>=4.2.0,<=4.2.22|>=5.0.0,<=5.0.35|>=5.1.0,<=5.1.46|>=5.2.0,<=5.2.45|>=5.3.0,<=5.3.31|>=5.4.0,<=5.4.36|>=5.5.0,<5.5.42|>=5.6.0,<5.6.30

Reported by:
GitHub, FriendsOfPHP/security-advisories
[HIGH] Exploit of encryption failure vulnerability

PKSA-cn77-7mny-v9zg GHSA-4mg9-vhxq-vm7j

Affected version: >=4.0.0,<=4.0.11|>=4.1.0,<=4.1.31|>=4.2.0,<=4.2.22|>=5.0.0,<=5.0.35|>=5.1.0,<=5.1.46|>=5.2.0,<=5.2.45|>=5.3.0,<=5.3.31|>=5.4.0,<=5.4.36|>=5.5.0,<5.5.40|>=5.6.0,<5.6.15

Reported by:
GitHub, FriendsOfPHP/security-advisories

laravel/framework Security Advisories for v5.5.29 (10)

[MEDIUM] Laravel has a File Validation Bypass

[HIGH] Laravel environment manipulation via query string

[HIGH] Laravel Framework RCE Vulnerability

[HIGH] OS Command Injection in Laravel Framework

[HIGH] Improper Input Validation in Laravel

[MEDIUM] Possible cross-site scripting (XSS) vulnerability in the Blade templating engine

[CRITICAL] Guard bypass in Eloquent models

[MEDIUM] RCE vulnerability in "cookie" session driver

[HIGH] Cookie serialization vulnerability

[HIGH] Exploit of encryption failure vulnerability