Laravel Security Vulnerabilities (CVEs)
Track 11 security vulnerabilities affecting Laravel products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
CVE-2026-23524 is a critical deserialization vulnerability in Laravel Reverb that allows remote code execution when horizontal scaling is enabled. Att... (Jan 21, 2026)
This vulnerability in Livewire v3 allows unauthenticated attackers to execute arbitrary commands remotely on affected systems. The issue occurs when s... (Jul 17, 2025)
Laravel applications running vulnerable versions are susceptible to reflected cross-site scripting (XSS) attacks when debug mode is enabled. Attackers... (Mar 10, 2025)
Laravel framework versions 11.9.0 through 11.35.1 contain a reflected cross-site scripting vulnerability in debug-mode error pages. Attackers can inje... (Mar 10, 2025)
A validation bypass vulnerability in Laravel's wildcard file validation allows attackers to upload malicious files by crafting specific request patter... (Mar 5, 2025)
CVE-2024-55661 is a remote code execution vulnerability in Laravel Pulse monitoring tool. Authenticated users with dashboard access can execute arbitr... (Dec 13, 2024)
This vulnerability in Livewire allows attackers to bypass file upload validation by uploading PHP files disguised as images. If the server stores uplo... (Oct 8, 2024)
CVE-2021-28254 is a critical deserialization vulnerability in Laravel v8.5.9 that allows attackers to execute arbitrary commands through the destruct(... (Apr 19, 2023)
Laravel Fortify before version 1.11.1 has a TOTP (Time-based One-Time Password) vulnerability where one-time codes can be reused within a short time w... (Feb 24, 2022)
This CVE describes an OS command injection vulnerability in Laravel's Filesystem.php link function. It allows attackers to execute arbitrary operating... (Dec 20, 2021)
This vulnerability allows attackers to upload malicious .phar files that execute PHP code on Laravel applications running on Debian-based systems. It ... (Nov 14, 2021)
Why Monitor Laravel Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 11+ known vulnerabilities affecting Laravel products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Laravel packages in under 60 seconds. No agents required - completely agentless scanning that works across Laravel deployments.
Free vulnerability database: Access detailed information about every Laravel CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register a free account and add your servers
- Run a one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Laravel CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions