Vulnerabilities > Laravel > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-19 | CVE-2021-28254 | Deserialization of Untrusted Data vulnerability in Laravel 8.5.9 A deserialization vulnerability in the destruct() function of Laravel v8.5.9 allows attackers to execute arbitrary commands. | 9.8 |
| 2022-08-17 | CVE-2022-2870 | Deserialization of Untrusted Data vulnerability in Laravel A vulnerability was found in laravel 5.1 and classified as problematic. | 9.8 |
| 2021-11-14 | CVE-2021-43617 | Unrestricted Upload of File with Dangerous Type vulnerability in Laravel Framework Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. | 9.8 |