flightphp/core
Packagist | 5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting flightphp/core
- CVE-2026-42548 | HIGH | CVSS 8.6 | EG 8.6 | ✓ Fixed in 3.18.1 | 2026-05-13
vulnerable: v1.0 ... v3.9.0 (67 versions)
Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Flight::jsonp() concatenates the ?jsonp= query parameter directly into an application/javascript response body without validating that the value is a legal JavaScript identi…
- CVE-2026-42549 | MEDIUM | CVSS 4.4 | EG 4.4 | ✓ Fixed in 3.18.1 | 2026-05-13
vulnerable: v1.0 ... v3.9.0 (67 versions)
Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the make:controller CLI command calls mkdir(..., recursive: true) on a path built from the user-supplied controller name, before Nette's class-name validation runs. The clas…
- CVE-2026-42550 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 3.18.1 | 2026-05-13
vulnerable: v1.0 ... v3.9.0 (67 versions)
Flight is an extensible micro-framework for PHP. Prior to 3.18.1, SimplePdo::insert(), SimplePdo::update(), and SimplePdo::delete() build SQL statements by concatenating the $table argument and the keys of the $data array directly into the…
- CVE-2026-42551 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 3.18.1 | 2026-05-13
vulnerable: v1.0 ... v3.9.0 (67 versions)
Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Request::getMethod() unconditionally honors the X-HTTP-Method-Override header and the $_REQUEST['_method'] parameter on any HTTP verb (including safe verbs such as GET), wit…
- CVE-2026-42552 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 3.18.1 | 2026-05-13
vulnerable: v1.0 ... v3.9.0 (67 versions)
Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the default error handler Engine::_error() writes the full exception message, exception code, and stack trace (including absolute filesystem paths) directly into the HTTP 50…