45 matches found
CVE-2026-23524
Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. In versions 1.6.3 and below, Reverb passes data from the Redis channel directly into PHP’s unserialize function without restricting which classes can be instantiated, which leaves users vulnerable to...
Deserialization of Untrusted Data
Overview: laravel/reverb is a provider of a real-time WebSocket communication backend for Laravel applications. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the unserialize function in PusherPubSubIncomingMessageHandler.php. An attacker can execute...
CVE-2026-23524 Laravel Redis Horizontal Scaling Insecure Deserialization
Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. In versions 1.6.3 and below, Reverb passes data from the Redis channel directly into PHP’s unserialize function without restricting which classes can be instantiated, which leaves users vulnerable to...
CVE-2026-23524
Laravel Reverb (laravel/reverb) prior to v1.7.0 is exposed to Remote Code Execution when horizontal scaling is enabled (REVERB_SCALING_ENABLED=true) because data from the Redis channel is deserialized with PHP unserialize() without class restrictions. Affected versions are v1.6.3 and below; vulne...
GHSA-M27R-M6RX-MHM4 Laravel Redis Horizontal Scaling Insecure Deserialization
Impact: This vulnerability affects Laravel Reverb versions prior to v1.7.0 when horizontal scaling is enabled (REVERB_SCALING_ENABLED=true). The exploitability of this vulnerability is increased because Redis servers are commonly deployed without authentication. With horizontal scaling enabled, Reverb...
Laravel Redis Horizontal Scaling Insecure Deserialization
Impact: This vulnerability affects Laravel Reverb versions prior to v1.7.0 when horizontal scaling is enabled (REVERB_SCALING_ENABLED=true). The exploitability of this vulnerability is increased because Redis servers are commonly deployed without authentication. With horizontal scaling enabled, Reverb...
Laravel Reverb code issue vulnerabilities
Laravel Reverb is a library open-sourced by The Laravel Framework. It brings real-time WebSocket communication to Laravel applications. Laravel Reverb versions 1.6.3 and earlier have code vulnerabilities; these vulnerabilities stem from data being passed directly to the deserialization...
PT-2026-3792
Name of the Vulnerable Software and Affected Versions: Laravel Reverb versions 1.6.3 and below. Description: Laravel Reverb, a real-time WebSocket communication backend for Laravel applications, has an issue where it passes data from the Redis channel directly into PHP’s unserialize function without...
EUVD-2024-3098
Malicious code in bioql PyPI...
EUVD-2023-31381
Malicious code in bioql PyPI...
EUVD-2024-2884
Malicious code in bioql PyPI...
Malicious code in reverb-event (npm)
The package reverb-event was found to contain malicious code...
MAL-2025-32180 Malicious code in reverb-event (npm)
The package reverb-event was found to contain malicious code...
CVE-2023-27645
An issue found in POWERAMP audioplayer build 925 bundle play and build 954 allows a remote attacker to gain privileges via the reverb and EQ preset parameters...
Signature Verification Bypass
laravel/reverb is vulnerable to a verification signature bypass. The vulnerability is due to missing verification of request signatures for the Pusher-compatible API endpoints, which allows unauthorized requests to bypass security checks and potentially access sensitive functionality...
CVE-2024-50347
Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. Prior to 1.4.0, there is an issue where verification signatures for requests sent to Reverb's Pusher-compatible API were not being verified. This API is used in scenarios such as broadcasting a message...