livewire/livewire
Packagist3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting livewire/livewirepage 1 of 1
- CVE-2024-21504MEDIUMCVSS 6.1EG 6.1✓ Fixed in 3.4.92024-03-19
vulnerable: v3.3.5 ... v3.4.8 (10 versions)
Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting (XSS) when a page uses [Url] for a property. An attacker can inject HTML code in the context of the user's browser session by craf…
- CVE-2024-47823CRITICALCVSS 9.8EG 9.8✓ Fixed in 2.12.72024-10-08
vulnerable: v0.0.1 ... v2.9.0 (178 versions)
Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire prior to `2.12.7` and `v3.5.2`, the file extension of an uploaded file is guessed based on the MIME type. As a r…
- CVE-2025-54068CRITICALCVSS 9.8EG 9.8⚠ KEV✓ Fixed in 3.6.42025-07-17
vulnerable: v3.0.0 ... v3.6.3 (74 versions)
Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain compone…
Check whether livewire/livewire is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for livewire/livewire CVEs against the assets you own.
Start Free Scan →