laravel

Top products

The 15 most recently published vulnerabilities affecting laravel.

• CVE-2026-39976Laravel Passport's TokenGuard Authenticates Unrelated User for Client Credentials Tokens7.1Apr 9, 2026
• CVE-2026-23524Laravel Redis Horizontal Scaling Insecure Deserialization9.8Jan 21, 2026
• CVE-2021-47756Laravel Valet 2.0.3 - Local Privilege Escalation (macOS)8.4Jan 15, 2026
• CVE-2025-54068Livewire vulnerable to remote command execution during property update hydrationKEV9.8Jul 17, 2025
• CVE-2024-13919Laravel Reflected XSS via Route Parameter in Debug-Mode Error Page8.0Mar 10, 2025
• CVE-2024-13918Laravel Reflected XSS via Request Parameter in Debug-Mode Error Page8.0Mar 10, 2025
• CVE-2025-27515Laravel has a File Validation Bypass9.8Mar 5, 2025
• CVE-2024-55661Laravel Pulse Allows Remote Code Execution via Unprotected Query Method8.8Dec 13, 2024
• CVE-2024-52301Laravel allows environment manipulation via query string7.5Nov 12, 2024
• CVE-2024-47823Livewire Remote Code Execution (RCE) on File Uploads9.8Oct 8, 2024
• CVE-2024-21504Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting (XSS) when a page uses [Url] for a property. An attacker can inject HTML code in the con...6.1Mar 19, 2024
• CVE-2024-22859Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code getCsrfToken function. NOTE: the vendor disputes this because the 5d8873...8.8Feb 1, 2024
• CVE-2022-40482The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the ea...5.3Apr 25, 2023
• CVE-2021-28254A deserialization vulnerability in the destruct() function of Laravel v8.5.9 allows attackers to execute arbitrary commands.9.8Apr 18, 2023
• CVE-2022-2886Laravel deserialization5.0Aug 19, 2022