Products by Laravel Sorted by Most Security Vulnerabilities since 2018
Tue Jul 07 15:10:13 +0000 2020
Tue Jun 30 21:31:49 +0000 2020
Tue Jun 30 21:31:46 +0000 2020
Tue Jun 30 21:31:41 +0000 2020
Tue Jun 30 21:31:37 +0000 2020
By the Year
In 2020 there have been 0 vulnerabilities in Laravel . Last year Laravel had 2 security vulnerabilities published. Right now, Laravel is on track to have less security vulerabilities in 2020 than it did last year.
It may take a day or so for new Laravel vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.
Latest Laravel Security Vulnerabilities
Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php
8.8 - High
- March 28, 2019
Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The Illuminate component of Laravel Framework 5.7.x has a deserialization vulnerability
9.8 - Critical
- February 24, 2019
The Illuminate component of Laravel Framework 5.7.x has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the PendingCommand class in PendingCommand.php.
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29
8.1 - High
- August 09, 2018
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.