Every CVE whose affected-product data names Laravel Framework, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2021-43617 — CVSS 9.8 (critical): Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/Val…
CVE-2025-27515 — CVSS 9.8 (critical): Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted…
CVE-2018-6330 — CVSS 8.8 (high): Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters.
CVE-2020-19316 — CVSS 8.8 (high): OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17.
CVE-2024-13918 — CVSS 8.0 (high): The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of…
CVE-2024-13919 — CVSS 8.0 (high): The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of…
CVE-2024-52301 — CVSS 7.5 (high): Laravel is a web application framework. When the register_argc_argv php directive is set to on , and users call any URL with a special…
CVE-2022-40482 — CVSS 5.3 (medium): The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing…
CVE-2021-43808 — CVSS 5.3 (medium): Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS)…