Vulnerabilities > Laravel

DATE CVE VULNERABILITY TITLE RISK
2025-03-10 CVE-2024-13918 Cross-site Scripting vulnerability in Laravel Framework
The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page.
network
low complexity
laravel CWE-79
6.1
2025-03-10 CVE-2024-13919 Cross-site Scripting vulnerability in Laravel Framework
The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page.
network
low complexity
laravel CWE-79
6.1
2024-10-08 CVE-2024-47823 Unrestricted Upload of File with Dangerous Type vulnerability in Laravel Livewire
Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP.
network
low complexity
laravel CWE-434
critical
9.8
2024-02-01 CVE-2024-22859 Cross-Site Request Forgery (CSRF) vulnerability in Laravel Livewire
Cross-Site Request Forgery (CSRF) vulnerability in Livewire before v3.0.4 allows remote attackers to execute arbitrary code via the getCsrfToken function.
network
low complexity
laravel CWE-352
8.8
2023-04-25 CVE-2022-40482 Information Exposure Through Discrepancy vulnerability in Laravel Framework
The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing.
network
low complexity
laravel CWE-203
5.3
2023-04-19 CVE-2021-28254 Deserialization of Untrusted Data vulnerability in Laravel 8.5.9
A deserialization vulnerability in the destruct() function of Laravel v8.5.9 allows attackers to execute arbitrary commands.
network
low complexity
laravel CWE-502
critical
9.8
2022-08-19 CVE-2022-2886 Deserialization of Untrusted Data vulnerability in Laravel
A vulnerability, which was classified as critical, was found in Laravel 5.1.
network
low complexity
laravel CWE-502
8.8
2022-08-17 CVE-2022-2870 Unspecified vulnerability in Laravel
A vulnerability was found in Laravel 5.1 and classified as problematic.
network
low complexity
laravel
critical
9.8
2022-02-24 CVE-2022-25838 Authentication Bypass by Capture-replay vulnerability in Laravel Fortify
Laravel Fortify before 1.11.1 allows reuse within a short time window, thus calling into question the "OT" part of the "TOTP" concept.
network
high complexity
laravel CWE-294
8.1
2021-12-20 CVE-2020-19316 OS Command Injection vulnerability in Laravel Framework
OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17.
network
low complexity
laravel CWE-78
8.8