VYPR

Laravel Framework

by Laravel

Source repositories

CVEs (8)

  • CVE-2017-16894HigNov 20, 2017
    risk 0.59cvss 7.5epss 0.87

    In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in…

  • CVE-2025-27515CriMar 5, 2025
    risk 0.57cvss 9.8epss 0.01

    Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1.

  • CVE-2024-52301HigNov 12, 2024
    risk 0.52cvss 7.5epss 0.38

    Laravel is a web application framework. When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in…

  • CVE-2024-13919HigMar 10, 2025
    risk 0.45cvss 8.0epss 0.01

    The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page.

  • CVE-2024-13918HigMar 10, 2025
    risk 0.45cvss 8.0epss 0.01

    The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page.

  • CVE-2021-43808MedDec 8, 2021
    risk 0.28cvss 5.3epss 0.01

    Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser…

  • CVE-2024-29291Apr 16, 2024
    risk 0.03cvss epss 0.01

    An issue in Laravel Framework 8 through 11 might allow a remote attacker to discover database credentials in storage/logs/laravel.log. NOTE: this is disputed by multiple third parties because the owner of a Laravel Framework installation can choose to have debugging logs, but…

  • CVE-2021-21263HigJan 19, 2021
    risk 0.00cvss 7.2epss 0.02

    Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a…