Unclaimed project

Are you a maintainer of psysh? Claim this project to take control of your public changelog and roadmap.

Changelog

psysh

A REPL for PHP

bobthecow/psysh·

9.8k317PHPMIT

·Website

cliphppsyshreplshell

Last updated 2 days ago

More PHP Projects

SecLists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

69.8k

PHP

coolify

An open-source, self-hostable PaaS alternative to Vercel, Heroku & Netlify that lets you easily deploy static sites, databases, full-stack applications and 280+ one-click services on your own servers.

52.5k

PHP

framework

Laravel is a web application framework with expressive, elegant syntax.

34.6k

PHP

server

☁️ Nextcloud server, a safe home for all your data

34.5k

PHP

View all PHP projects →

PsySH v0.12.19 - psysh Release Notes | AnnounceHQ

Back to changelog

NewJanuary 30, 2026

PsySH v0.12.19

⚠️ Security fix

Fixed a CWD configuration poisoning vulnerability (CVE-2026-25129) where a malicious .psysh.php file in an attacker-writable directory could execute arbitrary code when a victim runs PsySH from that directory. This affects all versions prior to v0.12.19 and v0.11.23, including downstream consumers like Laravel Tinker, when invoked from an attacker-writable CWD.

Fixed in v0.12.19 and v0.11.23. Upgrade ASAP.

Restricted Mode

PsySH now requires explicit trust before loading project-local config (.psysh.php), local PsySH binaries, or Composer autoloads from untrusted projects. Trust decisions are persisted per-project in trusted_projects.json.

Configure with trustProject:

'trustProject' => 'prompt',  // default — ask interactively
'trustProject' => 'always',  // trust all projects
'trustProject' => 'never',   // always run restricted

psysh

More PHP Projects

SecLists

coolify

framework

server

More PHP Projects

SecLists

coolify

framework

server

PsySH v0.12.19

⚠️ Security fix

Restricted Mode

Magic method and property support 🪄

Improvements