Probably best to head over to more specialized sites to get answers to those questions. And of course those questions have already been asked there. See https://laracasts.com/discuss/channels/laravel/how-secured-is-laravel and https://www.quora.com/Is-Laravel-a-secure-framework for instance.
In particular I'd quote martinbean's answer to the thread:
The majority of exploits and vulnerabilities will come in client code written on top of the framework. The more you start reading and writing data from external data stores (like databases, filesystems, and web services) increases the chances of a vulnerability being introduced.
The framework itself is pretty solid; the vulnerabilities are often introduced by the developers themselves.