Laravel Reverb vulnerabilities
2 known vulnerabilities affecting laravel/reverb.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 1
Vulnerabilities
CVE-2026-23524 | P2 | CRITICAL | CVSS 9.8 | CWE-502 | fixed in 1.7.0 | 2026-01-21
Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. In versions 1.6.3 and below, Reverb passes data from the Redis channel directly into PHP’s unserialize() function without restricting which classes can be instantiated, which leaves users vulnerable to Remote Code Execution. The exploitability of this vul
ghsa, nvd, osv
CVE-2024-50347 | P3 | MEDIUM | CVSS 6.3 | CWE-347 | fixed in 1.4.0 | 2024-10-31
Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. Prior to 1.4.0, there is an issue where verification signatures for requests sent to Reverb's Pusher-compatible API were not being verified. This API is used in scenarios such as broadcasting a message from a backend service or for obtaining statistical info
ghsa, nvd, osv