Laravel
stack.watch can notify you when security vulnerabilities are reported in any Laravel product. You can add multiple products that you use with Laravel to create your own personal software stack watcher.
Products by Laravel Sorted by Most Security Vulnerabilities since 2018
@laravelphp Tweets
Forge: we are thrilled to announce that you may now install multiple PHP versions on a single server! ��… https://t.co/P1xbzcB1Kq
Tue Jul 07 15:10:13 +0000 2020
Tue Jul 07 15:10:13 +0000 2020
RT @driesvints: �� To close off: all libraries have been patched for the new Guzzle 7 release. Enjoy!
Tue Jun 30 21:31:49 +0000 2020
Tue Jun 30 21:31:49 +0000 2020
RT @driesvints: ⚗️ Dusk v6.4.0 comes with a new clickAtPoint method to let you precisely click at a certain point on a page.
�� Pull Reques…
Tue Jun 30 21:31:46 +0000 2020
Tue Jun 30 21:31:46 +0000 2020
RT @driesvints: �� Cashier Stripe v12.1.0 comes with support for Stripe's new Customer Portal feature. Redirect to a customer's portal by us…
Tue Jun 30 21:31:41 +0000 2020
Tue Jun 30 21:31:41 +0000 2020
RT @driesvints: �� Release day!
- Laravel v7.18.0 & v6.18.23
- Cashier v12.1.0
- Dusk v6.4.0
- Envoy v2.2.0
- Laravel Installer v3.2.0
- Lu…
Tue Jun 30 21:31:37 +0000 2020
Tue Jun 30 21:31:37 +0000 2020
By the Year
In 2020 there have been 0 vulnerabilities in Laravel . Last year Laravel had 2 security vulnerabilities published. Right now, Laravel is on track to have less security vulerabilities in 2020 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2020 | 0 | 0.00 |
| 2019 | 2 | 9.30 |
| 2018 | 1 | 8.10 |
It may take a day or so for new Laravel vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.
Latest Laravel Security Vulnerabilities
Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php
CVE-2018-6330
8.8 - High
- March 28, 2019
Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The Illuminate component of Laravel Framework 5.7.x has a deserialization vulnerability
CVE-2019-9081
9.8 - Critical
- February 24, 2019
The Illuminate component of Laravel Framework 5.7.x has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the PendingCommand class in PendingCommand.php.
Marshaling, Unmarshaling
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29
CVE-2018-15133
8.1 - High
- August 09, 2018
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.
Marshaling, Unmarshaling