Security context
What an agent needs to avoid regressing past fixes — and find the next bug in this project.
25
Advisories
12
CVEs
Critical
Peak severity
25
With fix diff
Distribution
By severity
Critical
2
High
11
Medium
12
By weakness class
Other
7
Cross-site Scripting
3
SQL Injection
3
Improper Validation
3
Deserialization
3
Command Injection
2
Improper Encoding
1
Information Disclosure
1
Secrets / Crypto
1
Auth / Access Control
1
Every fixed vulnerability (25)
Critical2 fixed
High11 fixed
HighLaravel Framework: CRLF injection in default email rule GHSA-5vg9-5847-vvmq29d agoHighLaravel environment manipulation via query stringCVE-2024-523011y agoHighlaravel framework SQL Injection via limit and offset functionsGHSA-wq8p-mqvg-2p5h2y agoHighlaravel framework Unexpected database bindings via requestsGHSA-jwvj-pwww-3mj52y agoHighLaravel Cookie serialization vulnerabilityGHSA-6jvx-8ch9-j2jr2y agoHighLaravel Framework RCE VulnerabilityCVE-2018-151334y agoHighOS Command Injection in Laravel FrameworkCVE-2020-193164y agoHighImproper Input Validation in LaravelCVE-2020-249415y agoHighSQL Server LIMIT / OFFSET SQL Injection in laravel/framework and illuminate/databaseGHSA-4mg9-vhxq-vm7j5y agoHighUnexpected database bindingsGHSA-x7p5-p2c9-phvg5y agoHighQuery Binding ExploitationCVE-2021-212635y ago
Medium12 fixed
MediumLaravel Framework: Temporary Signed URL Path ConfusionGHSA-crmm-hgp2-wgrp29d agoMediumLaravel framework susceptible to reflected cross-site scriptingCVE-2024-139181y agoMediumLaravel framework susceptible to reflected cross-site scriptingCVE-2024-139191y agoMediumLaravel has a File Validation BypassCVE-2025-275151y agoMediumLaravel Guard bypass in Eloquent modelsGHSA-44pg-c29v-hp6r2y agoMediumLaravel Cross-site Scripting (XSS) vulnerability in blade templatingGHSA-vr95-p7q6-8m9q2y agoMediumLaravel Encrypter Component Potential Decryption Failure Leading to Unintended BehaviorGHSA-7852-w36x-6mf62y agoMediumLaravel Hijacked authentication cookies vulnerabilityGHSA-p62r-7637-3wwc2y agoMediumLaravel Risk of mass-assignment vulnerabilitiesGHSA-rj3w-99gc-8j582y agoMediumLaravel does not properly constrain the host portion of a password-reset URLCVE-2017-93034y agoMediumLaravel Sensitive Data ExposureCVE-2017-147754y agoMediumLaravel Framework XSS in Blade templating engineCVE-2021-438084y ago