Vulnerabilities > Laravel
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-01 | CVE-2024-22859 | Cross-Site Request Forgery (CSRF) vulnerability in Laravel Livewire Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code getCsrfToken function. | 8.8 |
| 2023-04-25 | CVE-2022-40482 | Information Exposure Through Discrepancy vulnerability in Laravel Framework The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. | 5.3 |
| 2023-04-19 | CVE-2021-28254 | Deserialization of Untrusted Data vulnerability in Laravel 8.5.9 A deserialization vulnerability in the destruct() function of Laravel v8.5.9 allows attackers to execute arbitrary commands. | 9.8 |
| 2022-08-19 | CVE-2022-2886 | Deserialization of Untrusted Data vulnerability in Laravel A vulnerability, which was classified as critical, was found in Laravel 5.1. | 8.8 |
| 2022-08-17 | CVE-2022-2870 | Deserialization of Untrusted Data vulnerability in Laravel A vulnerability was found in laravel 5.1 and classified as problematic. | 9.8 |
| 2022-02-24 | CVE-2022-25838 | Authentication Bypass by Capture-replay vulnerability in Laravel Fortify Laravel Fortify before 1.11.1 allows reuse within a short time window, thus calling into question the "OT" part of the "TOTP" concept. | 8.1 |
| 2021-12-20 | CVE-2020-19316 | OS Command Injection vulnerability in Laravel Framework OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17. | 8.8 |
| 2021-12-08 | CVE-2021-43808 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Laravel Framework Laravel is a web application framework. | 6.1 |
| 2021-11-14 | CVE-2021-43617 | Unrestricted Upload of File with Dangerous Type vulnerability in Laravel Framework Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. | 9.8 |
| 2021-01-19 | CVE-2021-21263 | SQL Injection vulnerability in Laravel Laravel is a web application framework. | 5.3 |