VYPR

Packagist (Composer) package

laravel/reverb

pkg:composer/laravel/reverb

Vulnerabilities (2)

  • CVE-2026-23524Jan 21, 2026
    affected < 1.7.0fixed 1.7.0

    Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. In versions 1.6.3 and below, Reverb passes data from the Redis channel directly into PHP’s unserialize() function without restricting which classes can be instantiated, which leaves user

  • CVE-2024-50347MedOct 31, 2024
    affected < 1.4.0fixed 1.4.0

    Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. Prior to 1.4.0, there is an issue where verification signatures for requests sent to Reverb's Pusher-compatible API were not being verified. This API is used in scenarios such as broadca