Browse all 9 CVE security advisories affecting laravel. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Laravel serves as a PHP web application framework for building enterprise-grade web applications and APIs. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from misconfigurations or insecure default implementations. The framework's extensive ecosystem introduces additional attack surfaces through packages and services. While no major security incidents have been widely documented, the 9 CVEs on record highlight ongoing security concerns, particularly around input validation and access control. Laravel's built-in security features like CSRF protection and query builder help mitigate risks, but developers must remain vigilant about proper implementation and regular updates to address newly discovered vulnerabilities.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-27515 | Laravel has a File Validation Bypass — frameworkCWE-155 | 6.5 | - | 2025-03-05 |
| CVE-2024-52301 | Laravel allows environment manipulation via query string — frameworkCWE-88 | 6.5AI | MediumAI | 2024-11-12 |
| CVE-2021-43808 | Blade `@parent` Exploitation Leading To Possible XSS in Laravel — frameworkCWE-79 | 5.3 | Medium | 2021-12-07 |
| CVE-2021-21263 | Query Binding Exploitation in Laravel — frameworkCWE-74 | 7.2 | High | 2021-01-19 |
This page lists every published CVE security advisory associated with laravel. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.