laravel/framework Security Advisories for v6.20.1 (7)
-
[MEDIUM] Laravel has a File Validation Bypass
PKSA-8qx3-n5y5-vvnd CVE-2025-27515 GHSA-78fx-h6xr-vch4
Affected version: <10.48.29|>=11.0.0,<11.44.1|>=12.0.0,<12.1.1
Reported by:
GitHub -
[HIGH] Laravel environment manipulation via query string
PKSA-w7xr-vk7n-rstm CVE-2024-52301 GHSA-gv7v-rgg6-548h
Affected version: <6.20.45|>=7.0.0,<7.30.7|>=8.0.0,<8.83.28|>=9.0.0,<9.52.17|>=10.0.0,<10.48.23|>=11.0.0,<11.31.0
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[CRITICAL] Laravel Framework Deserialization Vulnerability
PKSA-dpt9-7cmv-dk65 CVE-2019-9081 GHSA-pfg4-p438-p874
Affected version: >=5.7.0,<6.20.44
Reported by:
GitHub -
[MEDIUM] SQL Server LIMIT / OFFSET SQL Injection
PKSA-ckwp-rt7t-c46m GHSA-7852-w36x-6mf6
Affected version: >=6.0.0,<6.20.26|>=7.0.0,<7.30.5|>=8.0.0,<8.40.0
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Unexpected bindings in QueryBuilder
PKSA-4npr-btr6-zhny GHSA-6jvx-8ch9-j2jr
Affected version: >=6.0.0,<6.20.14|>=7.0.0,<7.30.4|>=8.0.0,<8.24.0
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Possible cross-site scripting (XSS) vulnerability in the Blade templating engine
PKSA-njrm-6dtg-m2pc CVE-2021-43808 GHSA-66hf-2p6w-jqfw
Affected version: <6.20.42|>=7.0.0,<7.30.6|>=8.0.0,<8.75.0
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Unexpected bindings in QueryBuilder
PKSA-985r-hryy-555b CVE-2021-21263 GHSA-3p32-j457-pg5x
Affected version: >=6.0.0,<6.20.11|>=7.0.0,<7.30.2|>=8.0.0,<8.22.1
Reported by:
GitHub, FriendsOfPHP/security-advisories