PT-2026-51388

Name of the Vulnerable Software and Affected Versions Filament versions prior to 4.11.5 Filament versions prior to 5.6.5 Description The ImageColumn and ImageEntry components render raw database values without escaping HTML. If the data passed to these components is not validated, an attacker can...

PT-2026-26189

Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.8.4 and 5.0.0 through 5.3.4 have two Filament Table summarizers Range, Values that render raw database values without escaping HTML. If there is a lack of validation for the data in the...

EUVD-2024-2760

Malicious code in bioql PyPI...

CVE-2024-47186 Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting

Filament is a collection of full-stack components for Laravel development. Versions of Filament from v3.0.0 through v3.2.114 are affected by a cross-site scripting XSS vulnerability. If values passed to a ColorColumn or ColumnEntry are not valid and contain a specific set of characters,...