Laravel/framework
This hub aggregates every CVE we track for Laravel/framework, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 12
- Critical: 2
- High: 7
- In CISA KEV: 1

Severity distribution: Critical 2, High 7, Medium 3
Monthly trend (new CVEs per month, 2024-07 through 2026-06, 24 values in order): 0, 0, 0, 0, 1, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
Latest CVEs
The 12 most recently published vulnerabilities affecting Laravel/framework.
- CVE-2024-13919: Laravel Reflected XSS via Route Parameter in Debug-Mode Error Page (CVSS 8.0)
- CVE-2024-13918: Laravel Reflected XSS via Request Parameter in Debug-Mode Error Page (CVSS 8.0)
- CVE-2025-27515: Laravel has a File Validation Bypass (CVSS 9.8)
- CVE-2024-52301: Laravel allows environment manipulation via query string (CVSS 7.5)
- CVE-2020-19316: OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17 (CVSS 8.8)
- CVE-2021-43808: Blade `@parent` Exploitation Leading To Possible XSS in Laravel (CVSS 5.3)
- CVE-2021-43617: Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which... (CVSS 9.8)
- CVE-2021-21263: Query Binding Exploitation in Laravel (CVSS 7.2)
- CVE-2020-24941: An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24.0. The $guarded property is mishandled in some situations involving requests with JSON column nesting expressions. (CVSS 7.5)
- CVE-2018-15133: In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the d... [CISA KEV] (CVSS 8.1)
- CVE-2017-14775: Laravel before 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison. (CVSS 5.9)
- CVE-2017-9303: Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-co... (CVSS 6.1)
Product normalization is registry-driven with AI assist and human review.