Package impact
Packagist / laravel/framework
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-9303 | medium | 6.1 | 6.1 | | | | 9y ago | Laravel does not properly constrain the host portion of a password-reset URL |
| CVE-2017-14775 | medium | 5.9 | 5.9 | | | | 9y ago | Laravel before 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison. |
| CVE-2018-15133 | unknown | — | 2.5 | | | | 4y ago | Laravel Framework contains a deserialization of untrusted data vulnerability, allowing for remote command execution. This vulnerability may only be exploited if a malicious user has accessed the appl… |
| CVE-2026-48019 | unknown | — | — | | | | 16d ago | Laravel CRLF injection in default email rule |