Security Advisories - laravel/framework

laravel/framework Security Advisories for v7.22.4 (10)

[MEDIUM] Laravel Framework: Temporary Signed URL Path Confusion

PKSA-m5cs-t1y6-qpcs GHSA-crmm-hgp2-wgrp

Affected version: <12.61.1|>=13.0.0,<13.12.0

Reported by:
GitHub
[HIGH] Laravel Framework: CRLF injection in default email rule

PKSA-3r5d-mb8f-1qw9 GHSA-5vg9-5847-vvmq

Affected version: <12.60.0|>=13.0.0,<=13.9.0

Reported by:
GitHub
[MEDIUM] Laravel has a File Validation Bypass

PKSA-8qx3-n5y5-vvnd CVE-2025-27515 GHSA-78fx-h6xr-vch4

Affected version: <10.48.29|>=11.0.0,<11.44.1|>=12.0.0,<12.1.1

Reported by:
GitHub
[HIGH] Laravel environment manipulation via query string

PKSA-w7xr-vk7n-rstm CVE-2024-52301 GHSA-gv7v-rgg6-548h

Affected version: <6.20.45|>=7.0.0,<7.30.7|>=8.0.0,<8.83.28|>=9.0.0,<9.52.17|>=10.0.0,<10.48.23|>=11.0.0,<11.31.0

Reported by:
GitHub, FriendsOfPHP/security-advisories
[HIGH] Improper Input Validation in Laravel

PKSA-7ywf-hktb-jkn9 CVE-2020-24941 GHSA-w68r-5p45-5rqp

Affected version: >=7.0.0,<7.24.0|<6.18.35

Reported by:
GitHub
[MEDIUM] SQL Server LIMIT / OFFSET SQL Injection

PKSA-ckwp-rt7t-c46m GHSA-7852-w36x-6mf6

Affected version: >=6.0.0,<6.20.26|>=7.0.0,<7.30.5|>=8.0.0,<8.40.0

Reported by:
GitHub, FriendsOfPHP/security-advisories
[HIGH] Unexpected bindings in QueryBuilder

PKSA-4npr-btr6-zhny GHSA-6jvx-8ch9-j2jr

Affected version: >=6.0.0,<6.20.14|>=7.0.0,<7.30.4|>=8.0.0,<8.24.0

Reported by:
GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Possible cross-site scripting (XSS) vulnerability in the Blade templating engine

PKSA-njrm-6dtg-m2pc CVE-2021-43808 GHSA-66hf-2p6w-jqfw

Affected version: <6.20.42|>=7.0.0,<7.30.6|>=8.0.0,<8.75.0

Reported by:
GitHub, FriendsOfPHP/security-advisories
[CRITICAL] Guard bypass in Eloquent models

PKSA-vhvj-tvg4-96jj GHSA-qm5c-m76r-2hfr

Affected version: >=5.5.0,<=5.5.49|>=6.0.0,<6.18.34|>=7.0.0,<7.23.2

Reported by:
GitHub, FriendsOfPHP/security-advisories
[HIGH] Unexpected bindings in QueryBuilder

PKSA-985r-hryy-555b CVE-2021-21263 GHSA-3p32-j457-pg5x

Affected version: >=6.0.0,<6.20.11|>=7.0.0,<7.30.2|>=8.0.0,<8.22.1

Reported by:
GitHub, FriendsOfPHP/security-advisories

laravel/framework Security Advisories for v7.22.4 (10)

[MEDIUM] Laravel Framework: Temporary Signed URL Path Confusion

[HIGH] Laravel Framework: CRLF injection in default email rule

[MEDIUM] Laravel has a File Validation Bypass

[HIGH] Laravel environment manipulation via query string

[HIGH] Improper Input Validation in Laravel

[MEDIUM] SQL Server LIMIT / OFFSET SQL Injection

[HIGH] Unexpected bindings in QueryBuilder

[MEDIUM] Possible cross-site scripting (XSS) vulnerability in the Blade templating engine

[CRITICAL] Guard bypass in Eloquent models

[HIGH] Unexpected bindings in QueryBuilder