VYPR

Packagist (Composer) package

laravel/passport

pkg:composer/laravel/passport

Vulnerabilities (1)

  • CVE-2026-39976HigApr 9, 2026
    affected >= 13.0.0, < 13.7.1fixed 13.7.1

    Laravel Passport provides OAuth2 server support to Laravel. From 13.0.0 to before 13.7.1, there is an Authentication Bypass for client_credentials tokens. the league/oauth2-server library sets the JWT sub claim to the client identifier (since there's no user). The token guard the