github.com/dunglas/frankenphp
Ecosystem:
go
Package URL:
pkg:golang/github.com/dunglas/frankenphp
Total PRs:
19 Dependabot PRs
Latest PR:
7 months ago
Unique Repositories:
2 repositories
Unique Repos (30 days):
1 repository
Security Advisories
FrankenPHP has delayed propagation of security fixes in upstream base images
GHSA-x9p2-77v6-6vhf
CRITICAL
published 4 months ago
• updated about 16 hours ago
# Delayed propagation of security fixes in upstream base images
## Summary
**Vulnerability in base Docker images (PHP, Go, and Alpine) not automa...
FrankenPHP: Unsafe Unicode Handling in CGI Path Splitting Allows Execution of Non-PHP Files
GHSA-3g8v-8r37-cgjm
CVE-2026-45062
HIGH
published 28 days ago
• updated about 12 hours ago
### Summary
The `splitPos()` function in [`cgi.go`](https://github.com/php/frankenphp/blob/main/cgi.go) misuses `golang.org/x/text/search` with `s...
FrankenPHP leaks session data between requests in worker mode
GHSA-r3xh-3r3w-47gp
CVE-2026-24894
HIGH
published 4 months ago
• updated about 16 hours ago
### Summary
When running FrankenPHP in **worker mode**, the `$_SESSION` superglobal is not correctly reset between requests. This allows a subsequ...
FrankenPHP's unicode case-folding length expansion causes incorrect split_path index (SCRIPT_NAME/PATH_INFO confusion) in FrankenPHP
GHSA-g966-83w7-6w38
CVE-2026-24895
HIGH
published 4 months ago
• updated about 16 hours ago
### Summary
FrankenPHP’s CGI path splitting logic improperly handles Unicode characters during case conversion. The logic computes the split index...
Recent PRs (filtered by: Patch PRs)
Bump github.com/dunglas/frankenphp from 1.9.0 to 1.9.1 in /cli
1.9.0 → 1.9.1
Patch PR
Open
10 months ago
Package Details
| Name: | github.com/dunglas/frankenphp |
| Ecosystem: | go |
| PURL Type: | golang |
| Package URL: | pkg:golang/github.com/dunglas/frankenphp |
Package Information
Description:
Package frankenphp embeds PHP in Go projects and provides a SAPI for net/http. This is the core of the FrankenPHP app server, and can be used in any Go program.
| Repository: | https://github.com/dunglas/frankenphp |
| Homepage: | https://github.com/dunglas/frankenphp |
| Latest Release: | v1.6.2 (about 1 year ago) |
| Dependent Repos: | 4 |
| Dependent Packages: | 1 |
| Ranking: | Top 2.507% by dependent repos; Top 5.8159% by dependent pkgs |