VYPR

Filament

by Filamentphp

CVEs (9)

  • CVE-2026-55409 | High | Jun 17, 2026
    risk 0.38 | cvss | epss 0.00

    In Filament v3, a disabled `RichEditor` field rendered its raw state without sanitizing HTML. Where the data stored in this field's state isn't sanitized already when the form state was filled, an attacker could plant malicious HTML or JavaScript and achieve XSS that executes…

  • CVE-2024-47186 | Med | Sep 27, 2024
    risk 0.33 | cvss 6.1 | epss 0.00

    Filament is a collection of full-stack components for Laravel development. Versions of Filament from v3.0.0 through v3.2.114 are affected by a cross-site scripting (XSS) vulnerability. If values passed to a `ColorColumn` or `ColumnEntry` are not valid and contain a specific set…

  • CVE-2024-51758 | Low | Nov 7, 2024
    risk 0.08 | cvss | epss 0.01

    Filament is a collection of full-stack components for accelerated Laravel development. All Filament features that interact with storage use the `default_filesystem_disk` config option. This allows the user to easily swap their storage driver to something production-ready like…

  • CVE-2026-48167 | Jun 22, 2026
    risk 0.00 | cvss | epss 0.00

    Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the ImageColumn and ImageEntry components render raw database values without escaping HTML. Where the data passed to these components isn't validated, an…

  • CVE-2026-48166 | Jun 22, 2026
    risk 0.00 | cvss | epss 0.00

    Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the login page has an observable timing discrepancy that allows unauthenticated attackers to enumerate registered email addresses. The impact is limited to…

  • CVE-2026-48505 | Jun 22, 2026
    risk 0.00 | cvss | epss 0.00

    Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, a flaw in the handling of recovery codes for app-based multi-factor authentication allows the same recovery code to be reused via concurrent submission. This…

  • CVE-2026-48067 | Jun 11, 2026
    risk 0.00 | cvss | epss 0.00

    The `recordSelectOptionsQuery()` method may be used to scope the options available in the `Select` field for `AttachAction` and `AssociateAction`. However, the built-in validation rule for these fields did not apply the same scope. As a result, a user who can trigger these…

  • CVE-2026-33080 | Mar 20, 2026
    risk 0.00 | cvss | epss 0.00

    Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.8.4 and 5.0.0 through 5.3.4 have two Filament Table summarizers (Range, Values) that render raw database values without escaping HTML. If there is a lack of validation…

  • CVE-2025-67507 | Dec 10, 2025
    risk 0.00 | cvss | epss 0.00

    Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.3.0 contain a flaw in the handling of recovery codes for app-based multi-factor authentication, allowing the same recovery code to be reused indefinitely. This issue…