pkg:Packagist/flightphp/core

5 total CVEsHIGH3MEDIUM1

✅ Check your installed version

All known vulnerabilities

  • HIGH8.8CVE-2026-42550Flight vulnerable to SQL Injection via unvalidated identifiers in SimplePdo::insert / update / delete
    from 0, < 3.18.1
  • HIGH7.5CVE-2026-42552Flight vulnerable to sensitive information disclosure via default error handler
    from 0, < 3.18.1
  • HIGH7.5CVE-2026-42551Flight: HTTP method override enabled by default, facilitating CSRF escalation and middleware bypass
    from 0, < 3.18.1
  • MEDIUM4.4CVE-2026-42549Flight has path traversal in `make:controller` CLI that creates arbitrary directories outside project root
    from 0, < 3.18.1
  • CVE-2026-42548Flight has reflected XSS through an unvalidated JSONP callback in Flight::jsonp()
    from 0, < 3.18.1