Package impact

php Packagist / laravel/framework

| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2017-9303 | medium | 6.1 | 6.1 | 9y ago | Laravel does not properly constrain the host portion of a password-reset URL | debian, php |
| CVE-2017-14775 | medium | 5.9 | 5.9 | 9y ago | Laravel before 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison. | debian, php |
| CVE-2018-15133 | unknown | | 1.5 | 4y ago | Laravel Framework contains a deserialization of untrusted data vulnerability, allowing for remote command execution. This vulnerability may only be exploited if a malicious user has accessed the appl… | debian, php |
| CVE-2024-13918 | unknown | | | 1y ago | The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page. | debian, php |
| CVE-2024-13919 | unknown | | | 1y ago | The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page. | debian, php |
| CVE-2025-27515 | unknown | | | 1y ago | Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted malicious request could potentially bypass the validation ru… | debian, php |
| CVE-2024-52301 | unknown | | | 2y ago | Laravel environment manipulation via query string | debian, php |
| CVE-2019-9081 | unknown | | | 4y ago | Laravel Framework Deserialization Vulnerability | php |
| CVE-2020-19316 | unknown | | | 4y ago | OS Command Injection in Laravel Framework | debian, php |
| CVE-2021-43808 | unknown | | | 5y ago | Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML… | debian, php |
| CVE-2020-24941 | unknown | | | 5y ago | Improper Input Validation in Laravel | debian, php |
| CVE-2021-21263 | unknown | | | 5y ago | Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which … | debian, php |