laravel-unsafe-validator
ignore()
definition in a Rule constraint. This can lead to SQL injection.laravel-cookie-long-timeout
laravel-cookie-same-site
laravel-cookie-null-domain
laravel-dangerous-model-construction
$guarded
to an empty array allows mass assignment to every property in a Laravel model. This explicitly overrides Eloquent’s safe-by-default mass assignment protections.laravel-active-debug-code
laravel-sql-injection
laravel-blade-form-missing-csrf
$METHOD
to route definition $...ROUTE
without a Laravel CSRF decorator or explicit CSRF token implementation. If this form modifies sensitive state this will open your application to Cross-Site Request Forgery (CSRF) attacks.laravel-api-route-sql-injection
laravel-cookie-http-only
laravel-cookie-secure-set