Lookup for vulnerable packages by Package URL.

Purl pkg:composer/zendframework/zendframework@2.0.2
Type composer
Namespace zendframework
Name zendframework
Version 2.0.2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.5.2
Latest_non_vulnerable_version 2.5.2
Affected_by_vulnerabilities
0
url VCID-2em7-tb35-vqg8
vulnerability_id VCID-2em7-tb35-vqg8
summary Potential Information Disclosure and Insufficient Entropy vulnerabilities in `Zend\Math\Rand` and `Zend\Validate\Csrf` Components.
references
0
reference_url https://framework.zend.com/security/advisory/ZF2013-02
reference_id
reference_type
scores
url https://framework.zend.com/security/advisory/ZF2013-02
fixed_packages
0
url pkg:composer/zendframework/zendframework@2.0.8
purl pkg:composer/zendframework/zendframework@2.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2g8z-51nu-17hs
1
vulnerability VCID-5bm4-grk6-w7hk
2
vulnerability VCID-6xpr-93ef-27cu
3
vulnerability VCID-8atm-865q-mkf3
4
vulnerability VCID-8fwb-56kb-jubf
5
vulnerability VCID-9z4g-byhj-3fak
6
vulnerability VCID-eezd-92tv-mkdf
7
vulnerability VCID-njsg-e1w1-9qcy
8
vulnerability VCID-q74z-645k-c7dk
9
vulnerability VCID-qs6q-pjks-euh4
10
vulnerability VCID-vmut-b2y4-rkcp
11
vulnerability VCID-wz4g-j8zt-ruff
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.0.8
1
url pkg:composer/zendframework/zendframework@2.1.4
purl pkg:composer/zendframework/zendframework@2.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2g8z-51nu-17hs
1
vulnerability VCID-5bm4-grk6-w7hk
2
vulnerability VCID-6xpr-93ef-27cu
3
vulnerability VCID-8atm-865q-mkf3
4
vulnerability VCID-8fwb-56kb-jubf
5
vulnerability VCID-9z4g-byhj-3fak
6
vulnerability VCID-eezd-92tv-mkdf
7
vulnerability VCID-grk8-aj34-hqb4
8
vulnerability VCID-njsg-e1w1-9qcy
9
vulnerability VCID-q74z-645k-c7dk
10
vulnerability VCID-qs6q-pjks-euh4
11
vulnerability VCID-vmut-b2y4-rkcp
12
vulnerability VCID-wz4g-j8zt-ruff
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.1.4
aliases ZF2013-02
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2em7-tb35-vqg8
1
url VCID-2g8z-51nu-17hs
vulnerability_id VCID-2g8z-51nu-17hs
summary
Session Fixation
Session validation vulnerability.
references
0
reference_url https://framework.zend.com/security/advisory/ZF2015-01
reference_id
reference_type
scores
url https://framework.zend.com/security/advisory/ZF2015-01
fixed_packages
0
url pkg:composer/zendframework/zendframework@2.2.0rc1
purl pkg:composer/zendframework/zendframework@2.2.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6xpr-93ef-27cu
1
vulnerability VCID-8atm-865q-mkf3
2
vulnerability VCID-8fwb-56kb-jubf
3
vulnerability VCID-eezd-92tv-mkdf
4
vulnerability VCID-njsg-e1w1-9qcy
5
vulnerability VCID-q74z-645k-c7dk
6
vulnerability VCID-qs6q-pjks-euh4
7
vulnerability VCID-vmut-b2y4-rkcp
8
vulnerability VCID-wz4g-j8zt-ruff
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.2.0rc1
1
url pkg:composer/zendframework/zendframework@2.2.9
purl pkg:composer/zendframework/zendframework@2.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8atm-865q-mkf3
1
vulnerability VCID-8fwb-56kb-jubf
2
vulnerability VCID-9z4g-byhj-3fak
3
vulnerability VCID-njsg-e1w1-9qcy
4
vulnerability VCID-q74z-645k-c7dk
5
vulnerability VCID-qs6q-pjks-euh4
6
vulnerability VCID-vmut-b2y4-rkcp
7
vulnerability VCID-wz4g-j8zt-ruff
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.2.9
2
url pkg:composer/zendframework/zendframework@2.3.4
purl pkg:composer/zendframework/zendframework@2.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5bm4-grk6-w7hk
1
vulnerability VCID-8atm-865q-mkf3
2
vulnerability VCID-8fwb-56kb-jubf
3
vulnerability VCID-9z4g-byhj-3fak
4
vulnerability VCID-gdkp-ceya-p7c6
5
vulnerability VCID-njsg-e1w1-9qcy
6
vulnerability VCID-q74z-645k-c7dk
7
vulnerability VCID-qs6q-pjks-euh4
8
vulnerability VCID-vmut-b2y4-rkcp
9
vulnerability VCID-wz4g-j8zt-ruff
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.3.4
aliases ZF2015-01
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2g8z-51nu-17hs
2
url VCID-5bm4-grk6-w7hk
vulnerability_id VCID-5bm4-grk6-w7hk
summary
CRLF Injection
Potential CRLF injection attacks in mail and HTTP headers.
references
0
reference_url http://framework.zend.com/security/advisory/ZF2015-04
reference_id
reference_type
scores
url http://framework.zend.com/security/advisory/ZF2015-04
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-3154
reference_id
reference_type
scores
0
value 0.00274
scoring_system epss
scoring_elements 0.51029
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-3154
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2681
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2682
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2683
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2683
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2684
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2684
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2685
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2685
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4914
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4914
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8088
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8088
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8089
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8089
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3154
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3154
11
reference_url https://framework.zend.com/security/advisory/ZF2015-04
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://framework.zend.com/security/advisory/ZF2015-04
12
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2015-3154.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2015-3154.yaml
13
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-3154.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-3154.yaml
14
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-http/CVE-2015-3154.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-http/CVE-2015-3154.yaml
15
reference_url https://github.com/zendframework/zendframework
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/zendframework/zendframework
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-3154
reference_id CVE-2015-3154
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-3154
fixed_packages
0
url pkg:composer/zendframework/zendframework@2.2.0rc1
purl pkg:composer/zendframework/zendframework@2.2.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6xpr-93ef-27cu
1
vulnerability VCID-8atm-865q-mkf3
2
vulnerability VCID-8fwb-56kb-jubf
3
vulnerability VCID-eezd-92tv-mkdf
4
vulnerability VCID-njsg-e1w1-9qcy
5
vulnerability VCID-q74z-645k-c7dk
6
vulnerability VCID-qs6q-pjks-euh4
7
vulnerability VCID-vmut-b2y4-rkcp
8
vulnerability VCID-wz4g-j8zt-ruff
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.2.0rc1
1
url pkg:composer/zendframework/zendframework@2.2.0
purl pkg:composer/zendframework/zendframework@2.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2g8z-51nu-17hs
1
vulnerability VCID-6xpr-93ef-27cu
2
vulnerability VCID-8atm-865q-mkf3
3
vulnerability VCID-8fwb-56kb-jubf
4
vulnerability VCID-9z4g-byhj-3fak
5
vulnerability VCID-auhh-apep-mufc
6
vulnerability VCID-eezd-92tv-mkdf
7
vulnerability VCID-grk8-aj34-hqb4
8
vulnerability VCID-ke2d-2a15-rkeh
9
vulnerability VCID-nbuf-3vcw-mqg4
10
vulnerability VCID-njsg-e1w1-9qcy
11
vulnerability VCID-q74z-645k-c7dk
12
vulnerability VCID-qs6q-pjks-euh4
13
vulnerability VCID-r5y8-nc2w-kqde
14
vulnerability VCID-vmut-b2y4-rkcp
15
vulnerability VCID-wz4g-j8zt-ruff
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.2.0
2
url pkg:composer/zendframework/zendframework@2.3.8
purl pkg:composer/zendframework/zendframework@2.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8atm-865q-mkf3
1
vulnerability VCID-8fwb-56kb-jubf
2
vulnerability VCID-njsg-e1w1-9qcy
3
vulnerability VCID-q74z-645k-c7dk
4
vulnerability VCID-qs6q-pjks-euh4
5
vulnerability VCID-vmut-b2y4-rkcp
6
vulnerability VCID-wz4g-j8zt-ruff
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.3.8
3
url pkg:composer/zendframework/zendframework@2.4.0rc1
purl pkg:composer/zendframework/zendframework@2.4.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8atm-865q-mkf3
1
vulnerability VCID-8fwb-56kb-jubf
2
vulnerability VCID-njsg-e1w1-9qcy
3
vulnerability VCID-q74z-645k-c7dk
4
vulnerability VCID-qs6q-pjks-euh4
5
vulnerability VCID-vmut-b2y4-rkcp
6
vulnerability VCID-wz4g-j8zt-ruff
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.4.0rc1
4
url pkg:composer/zendframework/zendframework@2.4.1
purl pkg:composer/zendframework/zendframework@2.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8atm-865q-mkf3
1
vulnerability VCID-8fwb-56kb-jubf
2
vulnerability VCID-njsg-e1w1-9qcy
3
vulnerability VCID-q74z-645k-c7dk
4
vulnerability VCID-qs6q-pjks-euh4
5
vulnerability VCID-vmut-b2y4-rkcp
6
vulnerability VCID-wz4g-j8zt-ruff
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.4.1
aliases CVE-2015-3154, GHSA-5957-5crx-79jx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5bm4-grk6-w7hk
3
url VCID-6xpr-93ef-27cu
vulnerability_id VCID-6xpr-93ef-27cu
summary
Improper Authentication
The (1) `Zend_Ldap` class in Zend and (2) `Zend\Ldap` component in Zend allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141070.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141070.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141106.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141106.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-8088
reference_id
reference_type
scores
0
value 0.00608
scoring_system epss
scoring_elements 0.70101
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-8088
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2681
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2682
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2683
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2683
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2684
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2684
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2685
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2685
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4914
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4914
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8088
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8088
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8089
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8089
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3154
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3154
12
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/97038
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/97038
13
reference_url https://framework.zend.com/security/advisory/ZF2014-05
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://framework.zend.com/security/advisory/ZF2014-05
14
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2014-8088.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2014-8088.yaml
15
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2014-8088.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2014-8088.yaml
16
reference_url https://github.com/zendframework/zendframework
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/zendframework/zendframework
17
reference_url https://github.com/zendframework/zendframework/commit/a4222a6c1dc809f0f32fdafcd1ac4d583a075f2f
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/zendframework/zendframework/commit/a4222a6c1dc809f0f32fdafcd1ac4d583a075f2f
18
reference_url http://www.debian.org/security/2015/dsa-3265
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2015/dsa-3265
19
reference_url http://www.openwall.com/lists/oss-security/2014/10/10/5
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/10/10/5
20
reference_url http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
21
reference_url http://www.securityfocus.com/bid/70378
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/70378
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-8088
reference_id CVE-2014-8088
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-8088
fixed_packages
0
url pkg:composer/zendframework/zendframework@2.0.99
purl pkg:composer/zendframework/zendframework@2.0.99
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.0.99
1
url pkg:composer/zendframework/zendframework@2.1.99
purl pkg:composer/zendframework/zendframework@2.1.99
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.1.99
2
url pkg:composer/zendframework/zendframework@2.2.8
purl pkg:composer/zendframework/zendframework@2.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2g8z-51nu-17hs
1
vulnerability VCID-8atm-865q-mkf3
2
vulnerability VCID-8fwb-56kb-jubf
3
vulnerability VCID-9z4g-byhj-3fak
4
vulnerability VCID-njsg-e1w1-9qcy
5
vulnerability VCID-q74z-645k-c7dk
6
vulnerability VCID-qs6q-pjks-euh4
7
vulnerability VCID-vmut-b2y4-rkcp
8
vulnerability VCID-wz4g-j8zt-ruff
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.2.8
3
url pkg:composer/zendframework/zendframework@2.3.3
purl pkg:composer/zendframework/zendframework@2.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2g8z-51nu-17hs
1
vulnerability VCID-5bm4-grk6-w7hk
2
vulnerability VCID-8atm-865q-mkf3
3
vulnerability VCID-8fwb-56kb-jubf
4
vulnerability VCID-9z4g-byhj-3fak
5
vulnerability VCID-gdkp-ceya-p7c6
6
vulnerability VCID-njsg-e1w1-9qcy
7
vulnerability VCID-q74z-645k-c7dk
8
vulnerability VCID-qs6q-pjks-euh4
9
vulnerability VCID-vmut-b2y4-rkcp
10
vulnerability VCID-wz4g-j8zt-ruff
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.3.3
aliases CVE-2014-8088, GHSA-f6rc-rh43-h8gr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6xpr-93ef-27cu
4
url VCID-8atm-865q-mkf3
vulnerability_id VCID-8atm-865q-mkf3
summary Potential Information Disclosure and Insufficient Entropy vulnerability in `Zend\Captcha\Word`.
references
0
reference_url https://framework.zend.com/security/advisory/ZF2015-09
reference_id
reference_type
scores
url https://framework.zend.com/security/advisory/ZF2015-09
fixed_packages
0
url pkg:composer/zendframework/zendframework@2.4.9
purl pkg:composer/zendframework/zendframework@2.4.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qs6q-pjks-euh4
1
vulnerability VCID-wz4g-j8zt-ruff
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.4.9
1
url pkg:composer/zendframework/zendframework@2.5.0
purl pkg:composer/zendframework/zendframework@2.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8fwb-56kb-jubf
1
vulnerability VCID-njsg-e1w1-9qcy
2
vulnerability VCID-vmut-b2y4-rkcp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.5.0
aliases ZF2015-09
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8atm-865q-mkf3
5
url VCID-8fwb-56kb-jubf
vulnerability_id VCID-8fwb-56kb-jubf
summary
Potential Information Disclosure in Zend\Crypt\PublicKey\Rsa\PublicKey
Zend\Crypt\PublicKey\Rsa\PublicKey has a call to `openssl_public_encrypt()` which uses PHP's default `$padding` argument, which specifies `OPENSSL_PKCS1_PADDING`, indicating usage of PKCS1v1.5 padding. This padding has a known vulnerability, Bleichenbacher's chosen-ciphertext attack, which can be used to decrypt arbitrary ciphertexts. Users should upgrade to a fixed version unless they are not using the RSA public key functionality.
references
0
reference_url http://framework.zend.com/security/advisory/ZF2015-10
reference_id
reference_type
scores
url http://framework.zend.com/security/advisory/ZF2015-10
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-7503
reference_id
reference_type
scores
0
value 0.00249
scoring_system epss
scoring_elements 0.48349
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-7503
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1283137
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1283137
3
reference_url https://framework.zend.com/security/advisory/ZF2015-10
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://framework.zend.com/security/advisory/ZF2015-10
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-crypt/CVE-2015-7503.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-crypt/CVE-2015-7503.yaml
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-7503.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-7503.yaml
6
reference_url https://github.com/zendframework/zendframework
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/zendframework/zendframework
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7503
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-7503
fixed_packages
0
url pkg:composer/zendframework/zendframework@2.4.9
purl pkg:composer/zendframework/zendframework@2.4.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qs6q-pjks-euh4
1
vulnerability VCID-wz4g-j8zt-ruff
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.4.9
1
url pkg:composer/zendframework/zendframework@2.5.2
purl pkg:composer/zendframework/zendframework@2.5.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.5.2
aliases CVE-2015-7503, GHSA-pm9m-w23q-5967
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8fwb-56kb-jubf
6
url VCID-9z4g-byhj-3fak
vulnerability_id VCID-9z4g-byhj-3fak
summary
SQL Injection
Zend Framework has potential SQL injection in PostgreSQL `Zend\Db` adapter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-0270
reference_id
reference_type
scores
0
value 0.00331
scoring_system epss
scoring_elements 0.56274
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-0270
1
reference_url https://framework.zend.com/security/advisory/ZF2015-02
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://framework.zend.com/security/advisory/ZF2015-02
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-db/CVE-2015-0270.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-db/CVE-2015-0270.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-0270.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-0270.yaml
4
reference_url https://github.com/zendframework/zendframework
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/zendframework/zendframework
5
reference_url https://github.com/zendframework/zendframework/commit/569f18228f5fc84534af6ff2f367ca1a7143ec65
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/zendframework/zendframework/commit/569f18228f5fc84534af6ff2f367ca1a7143ec65
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-0270
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-0270
fixed_packages
0
url pkg:composer/zendframework/zendframework@2.2.0rc1
purl pkg:composer/zendframework/zendframework@2.2.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6xpr-93ef-27cu
1
vulnerability VCID-8atm-865q-mkf3
2
vulnerability VCID-8fwb-56kb-jubf
3
vulnerability VCID-eezd-92tv-mkdf
4
vulnerability VCID-njsg-e1w1-9qcy
5
vulnerability VCID-q74z-645k-c7dk
6
vulnerability VCID-qs6q-pjks-euh4
7
vulnerability VCID-vmut-b2y4-rkcp
8
vulnerability VCID-wz4g-j8zt-ruff
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.2.0rc1
1
url pkg:composer/zendframework/zendframework@2.2.10
purl pkg:composer/zendframework/zendframework@2.2.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8atm-865q-mkf3
1
vulnerability VCID-8fwb-56kb-jubf
2
vulnerability VCID-njsg-e1w1-9qcy
3
vulnerability VCID-q74z-645k-c7dk
4
vulnerability VCID-qs6q-pjks-euh4
5
vulnerability VCID-vmut-b2y4-rkcp
6
vulnerability VCID-wz4g-j8zt-ruff
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.2.10
2
url pkg:composer/zendframework/zendframework@2.3.5
purl pkg:composer/zendframework/zendframework@2.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5bm4-grk6-w7hk
1
vulnerability VCID-8atm-865q-mkf3
2
vulnerability VCID-8fwb-56kb-jubf
3
vulnerability VCID-gdkp-ceya-p7c6
4
vulnerability VCID-njsg-e1w1-9qcy
5
vulnerability VCID-q74z-645k-c7dk
6
vulnerability VCID-qs6q-pjks-euh4
7
vulnerability VCID-vmut-b2y4-rkcp
8
vulnerability VCID-wz4g-j8zt-ruff
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.3.5
aliases CVE-2015-0270, GHSA-v59p-p692-v382
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9z4g-byhj-3fak
7
url VCID-de8f-p8x2-fbfr
vulnerability_id VCID-de8f-p8x2-fbfr
summary
SQL Injection
Potential SQL injection due to execution of platform-specific SQL containing interpolations.
references
0
reference_url https://framework.zend.com/security/advisory/ZF2013-03
reference_id
reference_type
scores
url https://framework.zend.com/security/advisory/ZF2013-03
fixed_packages
0
url pkg:composer/zendframework/zendframework@2.0.8
purl pkg:composer/zendframework/zendframework@2.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2g8z-51nu-17hs
1
vulnerability VCID-5bm4-grk6-w7hk
2
vulnerability VCID-6xpr-93ef-27cu
3
vulnerability VCID-8atm-865q-mkf3
4
vulnerability VCID-8fwb-56kb-jubf
5
vulnerability VCID-9z4g-byhj-3fak
6
vulnerability VCID-eezd-92tv-mkdf
7
vulnerability VCID-njsg-e1w1-9qcy
8
vulnerability VCID-q74z-645k-c7dk
9
vulnerability VCID-qs6q-pjks-euh4
10
vulnerability VCID-vmut-b2y4-rkcp
11
vulnerability VCID-wz4g-j8zt-ruff
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.0.8
1
url pkg:composer/zendframework/zendframework@2.1.4
purl pkg:composer/zendframework/zendframework@2.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2g8z-51nu-17hs
1
vulnerability VCID-5bm4-grk6-w7hk
2
vulnerability VCID-6xpr-93ef-27cu
3
vulnerability VCID-8atm-865q-mkf3
4
vulnerability VCID-8fwb-56kb-jubf
5
vulnerability VCID-9z4g-byhj-3fak
6
vulnerability VCID-eezd-92tv-mkdf
7
vulnerability VCID-grk8-aj34-hqb4
8
vulnerability VCID-njsg-e1w1-9qcy
9
vulnerability VCID-q74z-645k-c7dk
10
vulnerability VCID-qs6q-pjks-euh4
11
vulnerability VCID-vmut-b2y4-rkcp
12
vulnerability VCID-wz4g-j8zt-ruff
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.1.4
aliases ZF2013-03
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-de8f-p8x2-fbfr
8
url VCID-eezd-92tv-mkdf
vulnerability_id VCID-eezd-92tv-mkdf
summary
Cross-site Scripting
Potential XSS vector in multiple view helpers.
references
0
reference_url https://framework.zend.com/security/advisory/ZF2014-03
reference_id
reference_type
scores
url https://framework.zend.com/security/advisory/ZF2014-03
fixed_packages
0
url pkg:composer/zendframework/zendframework@2.2.7
purl pkg:composer/zendframework/zendframework@2.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2g8z-51nu-17hs
1
vulnerability VCID-6xpr-93ef-27cu
2
vulnerability VCID-8atm-865q-mkf3
3
vulnerability VCID-8fwb-56kb-jubf
4
vulnerability VCID-9z4g-byhj-3fak
5
vulnerability VCID-njsg-e1w1-9qcy
6
vulnerability VCID-q74z-645k-c7dk
7
vulnerability VCID-qs6q-pjks-euh4
8
vulnerability VCID-r5y8-nc2w-kqde
9
vulnerability VCID-vmut-b2y4-rkcp
10
vulnerability VCID-wz4g-j8zt-ruff
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.2.7
1
url pkg:composer/zendframework/zendframework@2.3.1
purl pkg:composer/zendframework/zendframework@2.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2g8z-51nu-17hs
1
vulnerability VCID-5bm4-grk6-w7hk
2
vulnerability VCID-6xpr-93ef-27cu
3
vulnerability VCID-8atm-865q-mkf3
4
vulnerability VCID-8fwb-56kb-jubf
5
vulnerability VCID-9z4g-byhj-3fak
6
vulnerability VCID-gdkp-ceya-p7c6
7
vulnerability VCID-njsg-e1w1-9qcy
8
vulnerability VCID-q74z-645k-c7dk
9
vulnerability VCID-qs6q-pjks-euh4
10
vulnerability VCID-r5y8-nc2w-kqde
11
vulnerability VCID-vmut-b2y4-rkcp
12
vulnerability VCID-wz4g-j8zt-ruff
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.3.1
aliases ZF2014-03
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eezd-92tv-mkdf
9
url VCID-fzj7-v53w-77ar
vulnerability_id VCID-fzj7-v53w-77ar
summary
Unintended Proxy or Intermediary ('Confused Deputy')
Potential Proxy Injection Vulnerabilities in Multiple Zend Framework 2 Components.
references
0
reference_url https://framework.zend.com/security/advisory/ZF2012-04
reference_id
reference_type
scores
url https://framework.zend.com/security/advisory/ZF2012-04
fixed_packages
0
url pkg:composer/zendframework/zendframework@2.0.5
purl pkg:composer/zendframework/zendframework@2.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2em7-tb35-vqg8
1
vulnerability VCID-2g8z-51nu-17hs
2
vulnerability VCID-5bm4-grk6-w7hk
3
vulnerability VCID-6xpr-93ef-27cu
4
vulnerability VCID-8atm-865q-mkf3
5
vulnerability VCID-8fwb-56kb-jubf
6
vulnerability VCID-9z4g-byhj-3fak
7
vulnerability VCID-de8f-p8x2-fbfr
8
vulnerability VCID-eezd-92tv-mkdf
9
vulnerability VCID-njsg-e1w1-9qcy
10
vulnerability VCID-q74z-645k-c7dk
11
vulnerability VCID-qs6q-pjks-euh4
12
vulnerability VCID-ux4f-q4es-gua5
13
vulnerability VCID-vmut-b2y4-rkcp
14
vulnerability VCID-wz4g-j8zt-ruff
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.0.5
aliases ZF2012-04
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fzj7-v53w-77ar
10
url VCID-njsg-e1w1-9qcy
vulnerability_id VCID-njsg-e1w1-9qcy
summary
XXE/XEE vulnerability via multibyte payloads
There's a flaw that allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters. This only applies when running under PHP-FPM in a threaded environment.
references
0
reference_url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5161
reference_id
reference_type
scores
url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5161
1
reference_url http://legalhackers.com/advisories/zend-framework-XXE-vuln.txt
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://legalhackers.com/advisories/zend-framework-XXE-vuln.txt
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164409.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164409.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165147.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165147.html
4
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165173.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165173.html
5
reference_url http://packetstormsecurity.com/files/133068/Zend-Framework-2.4.2-1.12.13-XXE-Injection.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/133068/Zend-Framework-2.4.2-1.12.13-XXE-Injection.html
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-5161
reference_id
reference_type
scores
0
value 0.39093
scoring_system epss
scoring_elements 0.97355
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-5161
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5161
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5161
8
reference_url http://seclists.org/fulldisclosure/2015/Aug/46
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2015/Aug/46
9
reference_url https://framework.zend.com/security/advisory/ZF2015-06
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://framework.zend.com/security/advisory/ZF2015-06
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2015-5161.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2015-5161.yaml
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-5161.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-5161.yaml
12
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendxml/CVE-2015-5161.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendxml/CVE-2015-5161.yaml
13
reference_url https://github.com/zendframework/ZendXml/commit/79f478fa2af85ce1fc18ac132dee5aa714c3b532
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/zendframework/ZendXml/commit/79f478fa2af85ce1fc18ac132dee5aa714c3b532
14
reference_url https://github.com/zendframework/zf1/commit/ff7edddf1410b44b5ead857c02698aad9f748d1b
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/zendframework/zf1/commit/ff7edddf1410b44b5ead857c02698aad9f748d1b
15
reference_url https://github.com/zendframework/zf1/issues/393
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/zendframework/zf1/issues/393
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5161
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-5161
17
reference_url https://web.archive.org/web/20200228055156/http://www.securityfocus.com/bid/76177
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228055156/http://www.securityfocus.com/bid/76177
18
reference_url https://www.exploit-db.com/exploits/37765
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/37765
19
reference_url http://www.debian.org/security/2015/dsa-3340
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2015/dsa-3340
20
reference_url http://www.securityfocus.com/bid/76177
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/76177
21
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/37765.txt
reference_id CVE-2015-5161
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/37765.txt
22
reference_url http://framework.zend.com/security/advisory/ZF2015-06
reference_id CVE-2015-5161;OSVDB-125783
reference_type exploit
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://framework.zend.com/security/advisory/ZF2015-06
23
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/38573.txt
reference_id CVE-2015-5161;OSVDB-125783
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/38573.txt
fixed_packages
0
url pkg:composer/zendframework/zendframework@2.4.6
purl pkg:composer/zendframework/zendframework@2.4.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8atm-865q-mkf3
1
vulnerability VCID-8fwb-56kb-jubf
2
vulnerability VCID-q74z-645k-c7dk
3
vulnerability VCID-qs6q-pjks-euh4
4
vulnerability VCID-vmut-b2y4-rkcp
5
vulnerability VCID-wz4g-j8zt-ruff
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.4.6
1
url pkg:composer/zendframework/zendframework@2.5.2
purl pkg:composer/zendframework/zendframework@2.5.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.5.2
aliases CVE-2015-5161, GHSA-xp8p-9rq5-4wgv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-njsg-e1w1-9qcy
11
url VCID-q74z-645k-c7dk
vulnerability_id VCID-q74z-645k-c7dk
summary
Security Misconfiguration Vulnerability
Doctrine uses `mkdir($cacheDirectory)` to create cache directories. If your application runs with a umask of
references
0
reference_url http://framework.zend.com/security/advisory/ZF2015-07
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://framework.zend.com/security/advisory/ZF2015-07
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-5723
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.10216
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-5723
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5723
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5723
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7695
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7695
4
reference_url https://framework.zend.com/security/advisory/ZF2015-07
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://framework.zend.com/security/advisory/ZF2015-07
5
reference_url https://github.com/aws/aws-sdk-php/releases/tag/3.2.1
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-sdk-php/releases/tag/3.2.1
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/aws/aws-sdk-php/CVE-2015-5723.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/aws/aws-sdk-php/CVE-2015-5723.yaml
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/doctrine/cache/CVE-2015-5723.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/doctrine/cache/CVE-2015-5723.yaml
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/doctrine/orm/CVE-2015-5723.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/doctrine/orm/CVE-2015-5723.yaml
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-cache/CVE-2015-5723.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-cache/CVE-2015-5723.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2015-5723.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2015-5723.yaml
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-5723.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-5723.yaml
12
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zfcampus/zf-apigility-doctrine/CVE-2015-5723.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zfcampus/zf-apigility-doctrine/CVE-2015-5723.yaml
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5723
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-5723
18
reference_url https://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html
19
reference_url http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-5723
reference_id
reference_type
scores
url http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-5723
20
reference_url http://www.debian.org/security/2015/dsa-3369
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2015/dsa-3369
21
reference_url http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html
fixed_packages
0
url pkg:composer/zendframework/zendframework@2.4.8
purl pkg:composer/zendframework/zendframework@2.4.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8atm-865q-mkf3
1
vulnerability VCID-8fwb-56kb-jubf
2
vulnerability VCID-qs6q-pjks-euh4
3
vulnerability VCID-vmut-b2y4-rkcp
4
vulnerability VCID-wz4g-j8zt-ruff
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.4.8
aliases CVE-2015-5723, GHSA-pw5c-xqf2-6xc2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q74z-645k-c7dk
12
url VCID-qs6q-pjks-euh4
vulnerability_id VCID-qs6q-pjks-euh4
summary
Remote code execution in zend-mail via Sendmail adapter
A malicious user may be able to inject arbitrary parameters to the system Sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they can be interpreted as additional command line arguments, leading to the vulnerability.
references
0
reference_url https://framework.zend.com/security/advisory/ZF2016-04
reference_id
reference_type
scores
url https://framework.zend.com/security/advisory/ZF2016-04
fixed_packages
0
url pkg:composer/zendframework/zendframework@2.4.11
purl pkg:composer/zendframework/zendframework@2.4.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-wz4g-j8zt-ruff
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.4.11
1
url pkg:composer/zendframework/zendframework@2.5.0
purl pkg:composer/zendframework/zendframework@2.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8fwb-56kb-jubf
1
vulnerability VCID-njsg-e1w1-9qcy
2
vulnerability VCID-vmut-b2y4-rkcp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.5.0
aliases ZF2016-04
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qs6q-pjks-euh4
13
url VCID-ux4f-q4es-gua5
vulnerability_id VCID-ux4f-q4es-gua5
summary
Parameter Injection
Route Parameter Injection Via Query String in `Zend\Mvc`.
references
0
reference_url https://framework.zend.com/security/advisory/ZF2013-01
reference_id
reference_type
scores
url https://framework.zend.com/security/advisory/ZF2013-01
fixed_packages
0
url pkg:composer/zendframework/zendframework@2.0.8
purl pkg:composer/zendframework/zendframework@2.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2g8z-51nu-17hs
1
vulnerability VCID-5bm4-grk6-w7hk
2
vulnerability VCID-6xpr-93ef-27cu
3
vulnerability VCID-8atm-865q-mkf3
4
vulnerability VCID-8fwb-56kb-jubf
5
vulnerability VCID-9z4g-byhj-3fak
6
vulnerability VCID-eezd-92tv-mkdf
7
vulnerability VCID-njsg-e1w1-9qcy
8
vulnerability VCID-q74z-645k-c7dk
9
vulnerability VCID-qs6q-pjks-euh4
10
vulnerability VCID-vmut-b2y4-rkcp
11
vulnerability VCID-wz4g-j8zt-ruff
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.0.8
1
url pkg:composer/zendframework/zendframework@2.1.4
purl pkg:composer/zendframework/zendframework@2.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2g8z-51nu-17hs
1
vulnerability VCID-5bm4-grk6-w7hk
2
vulnerability VCID-6xpr-93ef-27cu
3
vulnerability VCID-8atm-865q-mkf3
4
vulnerability VCID-8fwb-56kb-jubf
5
vulnerability VCID-9z4g-byhj-3fak
6
vulnerability VCID-eezd-92tv-mkdf
7
vulnerability VCID-grk8-aj34-hqb4
8
vulnerability VCID-njsg-e1w1-9qcy
9
vulnerability VCID-q74z-645k-c7dk
10
vulnerability VCID-qs6q-pjks-euh4
11
vulnerability VCID-vmut-b2y4-rkcp
12
vulnerability VCID-wz4g-j8zt-ruff
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.1.4
aliases ZF2013-01
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ux4f-q4es-gua5
14
url VCID-vmut-b2y4-rkcp
vulnerability_id VCID-vmut-b2y4-rkcp
summary
Potential Information Disclosure and Insufficient Entropy in Zend\Captcha\Word
Zend generates a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. The selection is performed using PHP's internal `array_rand()` function. This function does not generate sufficient entropy because it uses `rand()` instead of a cryptographically secure source such as `openssl_random_pseudo_bytes()`. This can potentially lead to information disclosure should an attacker be able to brute force the random number generation.
references
0
reference_url http://framework.zend.com/security/advisory/ZF2015-09
reference_id
reference_type
scores
url http://framework.zend.com/security/advisory/ZF2015-09
fixed_packages
0
url pkg:composer/zendframework/zendframework@2.4.9
purl pkg:composer/zendframework/zendframework@2.4.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qs6q-pjks-euh4
1
vulnerability VCID-wz4g-j8zt-ruff
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.4.9
1
url pkg:composer/zendframework/zendframework@2.5.2
purl pkg:composer/zendframework/zendframework@2.5.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.5.2
aliases GMS-2015-48
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vmut-b2y4-rkcp
15
url VCID-wz4g-j8zt-ruff
vulnerability_id VCID-wz4g-j8zt-ruff
summary
URL Redirection to Untrusted Site (Open Redirect)
URL Rewrite vulnerability.
references
0
reference_url https://framework.zend.com/security/advisory/ZF2018-01
reference_id
reference_type
scores
url https://framework.zend.com/security/advisory/ZF2018-01
fixed_packages
0
url pkg:composer/zendframework/zendframework@2.5.0
purl pkg:composer/zendframework/zendframework@2.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8fwb-56kb-jubf
1
vulnerability VCID-njsg-e1w1-9qcy
2
vulnerability VCID-vmut-b2y4-rkcp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.5.0
aliases ZF2018-01
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wz4g-j8zt-ruff
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.0.2