← Back

Spatie

spatie

5 CVEs • 2 products

Products (2)

Click to collapse
Toggle
Browsershot
browsershot
4 CVEs
Laravel Media Library
laravel_media_library
1 CVE

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-41706
1Spatie
1Browsershot
Jun 17, 2026
Nov 25, 2022
N/A· v4
8.2 HIGH· v3
N/A· v2
Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method.
CVE-2022-43984
1Spatie
1Browsershot
Jun 17, 2026
Nov 25, 2022
N/A· v4
8.2 HIGH· v3
N/A· v2
Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the JS content imported from an external source passed to t...Show more
Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the JS content imported from an external source passed to the Browsershot::html method does not contain URLs that use the file:// protocol.Show less
CVE-2022-43983
1Spatie
1Browsershot
Jun 17, 2026
Nov 25, 2022
N/A· v4
8.2 HIGH· v3
N/A· v2
Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method doe...Show more
Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URL's that use the file:// protocol.Show less
CVE-2021-45040
1Spatie
1Laravel Media Library
Jun 17, 2026
Mar 17, 2022
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route.
CVE-2020-7790
1Spatie
1Browsershot
Jun 17, 2026
Dec 11, 2020
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
This affects the package spatie/browsershot from 0.0.0. By specifying a URL in the file:// protocol an attacker is able to include arbitrary files in the resultant PDF.