cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Laravel (753b10ea-9525-5ae4-bc49-6f2cc8b8ce8c) |
|---|---|
| Product | Framework (272c485d-1118-54f4-a7b1-a5b5ed0750c9) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:composer/laravel/framework | purl2cpe | 2026-06-01 10:12:10.437139 |
| pkg:github/laravel/framework | purl2cpe | 2026-06-01 10:12:10.437140 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2025-27515 | vulnerable | 2026-06-08 07:14:55.259827 | Laravel has a File Validation Bypass<br>Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1.<br>Published: 2025-03-05T18:45:50.101Z<br>Updated: 2025-03-05T18:59:49.627Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-52301 | vulnerable | 2026-06-08 06:52:14.749492 | Laravel allows environment manipulation via query string<br>Laravel is a web application framework. When the register_argc_argv PHP directive is set to on, and users call any URL with a specially crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability is fixed in 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, and 11.31.0. The framework now ignores argv values for environment detection on non-cli SAPIs.<br>Published: 2024-11-12T19:32:14.415Z<br>Updated: 2024-12-21T17:02:39.839Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-29291 | vulnerable | 2026-06-08 06:33:29.089833 | Details available<br>An issue in Laravel Framework 8 through 11 might allow a remote attacker to discover database credentials in storage/logs/laravel.log. NOTE: this is disputed by multiple third parties because the owner of a Laravel Framework installation can choose to have debugging logs, but needs to set the access control appropriately for the type of data that may be logged.<br>Published: 2024-04-16T00:00:00.000Z<br>Updated: 2024-08-02T01:10:55.153Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-13919 | vulnerable | 2026-06-08 06:25:38.750526 | Laravel Reflected XSS via Route Parameter in Debug-Mode Error Page<br>HIGH (8)<br>The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page.<br>Published: 2025-03-10T10:03:01.374Z<br>Updated: 2025-03-10T17:02:42.335Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-13918 | vulnerable | 2026-06-08 06:25:38.750053 | Laravel Reflected XSS via Request Parameter in Debug-Mode Error Page<br>HIGH (8)<br>The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page.<br>Published: 2025-03-10T10:02:29.530Z<br>Updated: 2025-03-10T17:02:40.794Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-40482 | vulnerable | 2026-06-08 05:48:24.983926 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-43808 | vulnerable | 2026-06-08 05:36:44.327813 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-43617 | vulnerable | 2026-06-08 05:36:43.627815 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-21263 | vulnerable | 2026-06-08 05:29:11.475508 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-19316 | vulnerable | 2026-06-08 05:20:57.273150 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |