Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: laravel Clear
ID Title
CVE-2026-57958 Cross-Site Scripting (XSS) in laravel (CVE-2026-57958)
cross-site scripting in laravel (CVE-2026-57958). Risk of unauthorized operations or information disclosure.
CVE-2026-48500 Vulnerability in filament/filament (CVE-2026-48500)
vulnerability in filament/filament (CVE-2026-48500). Risk of unauthorized operations or information disclosure. Exploitable via ``WithFileUploads``. Mitigation: upgrade to `3.3.52` or later.
CVE-2026-48505 Vulnerability in filament/filament (CVE-2026-48505)
vulnerability in filament/filament (CVE-2026-48505). Confidential information can be exposed externally. Mitigation: upgrade to `5.6.5` or later.
CVE-2026-48166 Vulnerability in filament/filament (CVE-2026-48166)
vulnerability in filament/filament (CVE-2026-48166). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.6.5` or later.
CVE-2026-48167 Cross-Site Scripting (XSS) in filament/infolists (CVE-2026-48167)
cross-site scripting in filament/infolists (CVE-2026-48167). Risk of unauthorized operations or information disclosure. Exploitable via ``ImageColumn``. Mitigation: upgrade to `5.6.5` or later.
CVE-2026-49288 Information Disclosure in statamic/cms (CVE-2026-49288)
vulnerability in statamic/cms (CVE-2026-49288). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.73.23` or later.
CVE-2026-49287 Vulnerability in statamic/cms (CVE-2026-49287)
vulnerability in statamic/cms (CVE-2026-49287). Data can be tampered with by attackers. Mitigation: upgrade to `5.73.23` or later.
CVE-2026-55409 Cross-Site Scripting (XSS) in filament/forms (CVE-2026-55409)
cross-site scripting in filament/forms (CVE-2026-55409). Confidential information can be exposed externally. Exploitable via ``RichEditor``. Mitigation: upgrade to `3.3.53` or later.
CVE-2026-48067 Vulnerability in filament/tables (CVE-2026-48067)
vulnerability in filament/tables (CVE-2026-48067). Data can be tampered with by attackers. Exploitable via ``Select``. Mitigation: upgrade to `3.3.51` or later.
CVE-2026-53634 Vulnerability in laravel (CVE-2026-53634)
vulnerability in laravel (CVE-2026-53634). Risk of unauthorized operations or information disclosure.
CVE-2022-31114 Cross-Site Scripting (XSS) in backpack/crud (CVE-2022-31114)
cross-site scripting in backpack/crud (CVE-2022-31114). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.0.63` or later.
CVE-2026-48811 Vulnerability in laravel (CVE-2026-48811)
vulnerability in laravel (CVE-2026-48811). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.221` or later.
CVE-2026-48810 Vulnerability in laravel (CVE-2026-48810)
vulnerability in laravel (CVE-2026-48810). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.221` or later.
CVE-2026-47123 Vulnerability in laravel (CVE-2026-47123)
vulnerability in laravel (CVE-2026-47123). Data can be tampered with by attackers. Mitigation: upgrade to `1.8.220` or later.
CVE-2026-48555 SSRF (Server-Side Request Forgery) in spatie/laravel-medialibrary (CVE-2026-48555)
SSRF in spatie/laravel-medialibrary (CVE-2026-48555). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.23.0` or later.
CVE-2026-48557 Spatie Laravel Media Library contains a file upload restriction bypass
Spatie Laravel Media Library contains a file upload restriction bypass
CVE-2026-45294 Vulnerability in laravel (CVE-2026-45294)
vulnerability in laravel (CVE-2026-45294). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.219` or later.
CVE-2026-45660 SSRF (Server-Side Request Forgery) in statamic/cms (CVE-2026-45660)
SSRF in statamic/cms (CVE-2026-45660). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.73.22` or later.
CVE-2026-44692 Vulnerability in code16/sharp (CVE-2026-44692)
vulnerability in code16/sharp (CVE-2026-44692). Confidential information can be exposed externally. Exploitable via `GET /sharp/{globalFilter}/download/{entityKey}/{instanceId`. Mitigation: upgrade to `9.22.0` or later.
CVE-2026-44306 Vulnerability in statamic/cms (CVE-2026-44306)
vulnerability in statamic/cms (CVE-2026-44306). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.73.21` or later.
CVE-2026-44262 Code Injection in dedoc/scramble (CVE-2026-44262)
code injection in dedoc/scramble (CVE-2026-44262). Confidential information can be exposed externally. Mitigation: upgrade to `0.13.22` or later.
CVE-2026-41524 Cross-Site Scripting (XSS) in laravel (CVE-2026-41524)
cross-site scripting in laravel (CVE-2026-41524). Confidential information can be exposed externally.
CVE-2026-41906 Vulnerability in laravel (CVE-2026-41906)
vulnerability in laravel (CVE-2026-41906). Data can be tampered with by attackers.
CVE-2026-41902 Vulnerability in laravel (CVE-2026-41902)
vulnerability in laravel (CVE-2026-41902). Confidential information can be exposed externally. Exploitable via `Referer header`.
CVE-2026-34084 Unsafe Deserialization in phpoffice/phpspreadsheet (CVE-2026-34084)
vulnerability in phpoffice/phpspreadsheet (CVE-2026-34084). Successful exploitation can lead to full system takeover. Exploitable via ``is_file``. Mitigation: upgrade to `1.30.3` or later.
CVE-2026-31843 Vulnerability in laravel (CVE-2026-31843)
vulnerability in laravel (CVE-2026-31843). Successful exploitation can lead to full system takeover.
CVE-2026-39976 Authentication Bypass in laravel (CVE-2026-39976)
authentication bypass in laravel (CVE-2026-39976). Confidential information can be exposed externally. Mitigation: upgrade to `13.7.1` or later.
CVE-2026-4809 Unrestricted File Upload in laravel (CVE-2026-4809)
vulnerability in laravel (CVE-2026-4809). Successful exploitation can lead to full system takeover.
CVE-2025-54068 KEV [KEV] Code Injection in Laravel livewire (CVE-2025-54068)
code injection in Laravel livewire (CVE-2025-54068). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-56399 Code Injection in laravel (CVE-2025-56399)
code injection in laravel (CVE-2025-56399). Successful exploitation can lead to full system takeover.
CVE-2018-15133 KEV [KEV] Unsafe Deserialization in laravel (CVE-2018-15133)
vulnerability in laravel (CVE-2018-15133). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-3129 KEV [KEV] Vulnerability in Laravel ignition (CVE-2021-3129)
vulnerability in Laravel ignition (CVE-2021-3129). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2017-16894 Information Disclosure in laravel (CVE-2017-16894)
vulnerability in laravel (CVE-2017-16894). Confidential information can be exposed externally.
CVE-2017-14775 Information Disclosure in laravel (CVE-2017-14775)
vulnerability in laravel (CVE-2017-14775). Confidential information can be exposed externally.
CVE-2017-14704 Unrestricted File Upload in laravel (CVE-2017-14704)
vulnerability in laravel (CVE-2017-14704). Successful exploitation can lead to full system takeover.
CVE-2017-9303 Vulnerability in laravel (CVE-2017-9303)
vulnerability in laravel (CVE-2017-9303). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →