Laravel

stack.watch can notify you when security vulnerabilities are reported in any Laravel product. You can add multiple products that you use with Laravel to create your own personal software stack watcher.

Products by Laravel Sorted by Most Security Vulnerabilities since 2018

Laravel Framework: 2 vulnerabilities

Laravel: 1 vulnerability
PHP Web Application Development Framework

@laravelphp Tweets

Forge: we are thrilled to announce that you may now install multiple PHP versions on a single server! … https://t.co/P1xbzcB1Kq
Tue Jul 07 15:10:13 +0000 2020

RT @driesvints: To close off: all libraries have been patched for the new Guzzle 7 release. Enjoy!
Tue Jun 30 21:31:49 +0000 2020

RT @driesvints: ⚗️ Dusk v6.4.0 comes with a new clickAtPoint method to let you precisely click at a certain point on a page. Pull Reques…
Tue Jun 30 21:31:46 +0000 2020

RT @driesvints: Cashier Stripe v12.1.0 comes with support for Stripe's new Customer Portal feature. Redirect to a customer's portal by us…
Tue Jun 30 21:31:41 +0000 2020

RT @driesvints: Release day! - Laravel v7.18.0 & v6.18.23 - Cashier v12.1.0 - Dusk v6.4.0 - Envoy v2.2.0 - Laravel Installer v3.2.0 - Lu…
Tue Jun 30 21:31:37 +0000 2020

By the Year

In 2020 there have been 0 vulnerabilities in Laravel. Last year Laravel had 2 security vulnerabilities published. Right now, Laravel is on track to have fewer security vulnerabilities in 2020 than it did last year.

Year Vulnerabilities Average Score
2020 0 0.00
2019 2 9.30
2018 1 8.10

It may take a day or so for new Laravel vulnerabilities to show up. Additionally, vulnerabilities may be tagged under a different product or component name.

Latest Laravel Security Vulnerabilities

Laravel 5.4.15 is vulnerable to error-based SQL injection in save.php

CVE-2018-6330 8.8 - High - March 28, 2019

Laravel 5.4.15 is vulnerable to error-based SQL injection in save.php via the dhx_user and dhx_version parameters.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The Illuminate component of Laravel Framework 5.7.x has a deserialization vulnerability

CVE-2019-9081 9.8 - Critical - February 24, 2019

The Illuminate component of Laravel Framework 5.7.x has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the PendingCommand class in PendingCommand.php.

Marshaling, Unmarshaling

In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29

CVE-2018-15133 8.1 - High - August 09, 2018

In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.

Marshaling, Unmarshaling

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8