cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: Laravel (753b10ea-9525-5ae4-bc49-6f2cc8b8ce8c)
Product: Framework (272c485d-1118-54f4-a7b1-a5b5ed0750c9)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from purl2cpe mapping

PURL mappings

PURL | Source | Last updated
pkg:composer/laravel/framework | purl2cpe | 2026-06-01 10:12:10.437139
pkg:github/laravel/framework | purl2cpe | 2026-06-01 10:12:10.437140

Vulnerability references

Identifier: CVE:CVE-2025-27515
cpeApplicability: vulnerable
Submitted: 2026-06-08 07:14:55.259827
db.gcve.eu details: Laravel has a File Validation Bypass
Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1.
Published: 2025-03-05T18:45:50.101Z
Updated: 2025-03-05T18:59:49.627Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2024-52301
cpeApplicability: vulnerable
Submitted: 2026-06-08 06:52:14.749492
db.gcve.eu details: Laravel allows environment manipulation via query string
Laravel is a web application framework. When the register_argc_argv PHP directive is set to on, and users call any URL with a specially crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability is fixed in 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, and 11.31.0. The framework now ignores argv values for environment detection on non-cli SAPIs.
Published: 2024-11-12T19:32:14.415Z
Updated: 2024-12-21T17:02:39.839Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2024-29291
cpeApplicability: vulnerable
Submitted: 2026-06-08 06:33:29.089833
db.gcve.eu details: Details available
An issue in Laravel Framework 8 through 11 might allow a remote attacker to discover database credentials in storage/logs/laravel.log. NOTE: this is disputed by multiple third parties because the owner of a Laravel Framework installation can choose to have debugging logs, but needs to set the access control appropriately for the type of data that may be logged.
Published: 2024-04-16T00:00:00.000Z
Updated: 2024-08-02T01:10:55.153Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2024-13919
cpeApplicability: vulnerable
Submitted: 2026-06-08 06:25:38.750526
db.gcve.eu details: Laravel Reflected XSS via Route Parameter in Debug-Mode Error Page
HIGH (8)
The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page.
Published: 2025-03-10T10:03:01.374Z
Updated: 2025-03-10T17:02:42.335Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2024-13918
cpeApplicability: vulnerable
Submitted: 2026-06-08 06:25:38.750053
db.gcve.eu details: Laravel Reflected XSS via Request Parameter in Debug-Mode Error Page
HIGH (8)
The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page.
Published: 2025-03-10T10:02:29.530Z
Updated: 2025-03-10T17:02:40.794Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2022-40482
cpeApplicability: vulnerable
Submitted: 2026-06-08 05:48:24.983926
db.gcve.eu details were skipped to keep the page responsive.
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2021-43808
cpeApplicability: vulnerable
Submitted: 2026-06-08 05:36:44.327813
db.gcve.eu details were skipped to keep the page responsive.
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2021-43617
cpeApplicability: vulnerable
Submitted: 2026-06-08 05:36:43.627815
db.gcve.eu details were skipped to keep the page responsive.
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2021-21263
cpeApplicability: vulnerable
Submitted: 2026-06-08 05:29:11.475508
db.gcve.eu details were skipped to keep the page responsive.
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2020-19316
cpeApplicability: vulnerable
Submitted: 2026-06-08 05:20:57.273150
db.gcve.eu details were skipped to keep the page responsive.
Rationale: Imported from gcve-enriched-dumps CVE data
