livewire/livewire
Packagist2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting livewire/livewirepage 1 of 1
- CVE-2024-21504MEDIUMCVSS 6.1EG 6.1✓ Fixed in 3.4.92024-03-19
vulnerable: v3.3.5 ... v3.4.8 (10 versions)
Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting (XSS) when a page uses [Url] for a property. An attacker can inject HTML code in the context of the user's browser session by craf…
- CVE-2024-47823CRITICALCVSS 9.8EG 9.8✓ Fixed in 2.12.72024-10-08
vulnerable: v0.0.1 ... v2.9.0 (178 versions)
Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire prior to `2.12.7` and `v3.5.2`, the file extension of an uploaded file is guessed based on the MIME type. As a r…
Check whether livewire/livewire is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for livewire/livewire CVEs against the assets you own.
Start Free Scan →