Lookup for vulnerable packages by Package URL.

Purl pkg:composer/zendframework/zendframework1@1.12.16
Type composer
Namespace zendframework
Name zendframework1
Version 1.12.16
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.12.20
Latest_non_vulnerable_version 1.12.20
Affected_by_vulnerabilities
0
url VCID-6yzr-h81y-jbda
vulnerability_id VCID-6yzr-h81y-jbda
summary
Potential Information Disclosure and Insufficient Entropy in Zend\Captcha\Word
Zend generates a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. The selection is performed using PHP's internal `array_rand()` function. This function does not generate sufficient entropy because it uses `rand()` instead of more cryptographically secure methods such as `openssl_random_pseudo_bytes()`. This can potentially lead to information disclosure should an attacker be able to brute force the random number generation.
references
0
reference_url http://framework.zend.com/security/advisory/ZF2015-09
reference_id
reference_type
scores
url http://framework.zend.com/security/advisory/ZF2015-09
fixed_packages
0
url pkg:composer/zendframework/zendframework1@1.12.17
purl pkg:composer/zendframework/zendframework1@1.12.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mu4w-1m4s-fqgb
1
vulnerability VCID-qx35-s89y-aufb
2
vulnerability VCID-rbf7-4u42-yyhq
3
vulnerability VCID-rnn1-91rc-ebcf
4
vulnerability VCID-scar-8fh6-pkbz
5
vulnerability VCID-ts3t-ua4s-nkbp
6
vulnerability VCID-xmv1-fye4-buey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.17
aliases GMS-2015-49
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6yzr-h81y-jbda
1
url VCID-b5m8-jc12-1yc3
vulnerability_id VCID-b5m8-jc12-1yc3
summary Potential Information Disclosure and Insufficient Entropy vulnerability in `Zend\Captcha\Word`.
references
0
reference_url https://framework.zend.com/security/advisory/ZF2015-09
reference_id
reference_type
scores
url https://framework.zend.com/security/advisory/ZF2015-09
fixed_packages
0
url pkg:composer/zendframework/zendframework1@1.12.17
purl pkg:composer/zendframework/zendframework1@1.12.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mu4w-1m4s-fqgb
1
vulnerability VCID-qx35-s89y-aufb
2
vulnerability VCID-rbf7-4u42-yyhq
3
vulnerability VCID-rnn1-91rc-ebcf
4
vulnerability VCID-scar-8fh6-pkbz
5
vulnerability VCID-ts3t-ua4s-nkbp
6
vulnerability VCID-xmv1-fye4-buey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.17
aliases ZF2015-09
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b5m8-jc12-1yc3
2
url VCID-jetd-1p57-hyh6
vulnerability_id VCID-jetd-1p57-hyh6
summary Zendframework Potential Information Disclosure and Insufficient Entropy vulnerability
references
0
reference_url https://framework.zend.com/security/advisory/ZF2015-09
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://framework.zend.com/security/advisory/ZF2015-09
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/ZF2015-09.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/ZF2015-09.yaml
2
reference_url https://github.com/zendframework/zf1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/zendframework/zf1
3
reference_url https://github.com/advisories/GHSA-848f-mph5-9pm9
reference_id GHSA-848f-mph5-9pm9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-848f-mph5-9pm9
fixed_packages
0
url pkg:composer/zendframework/zendframework1@1.12.17
purl pkg:composer/zendframework/zendframework1@1.12.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mu4w-1m4s-fqgb
1
vulnerability VCID-qx35-s89y-aufb
2
vulnerability VCID-rbf7-4u42-yyhq
3
vulnerability VCID-rnn1-91rc-ebcf
4
vulnerability VCID-scar-8fh6-pkbz
5
vulnerability VCID-ts3t-ua4s-nkbp
6
vulnerability VCID-xmv1-fye4-buey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.17
aliases GHSA-848f-mph5-9pm9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jetd-1p57-hyh6
3
url VCID-mu4w-1m4s-fqgb
vulnerability_id VCID-mu4w-1m4s-fqgb
summary
Multiple vulnerabilities have been found in Zend Framework, the worst of which could allow attackers to remotely execute arbitrary commands.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-6233
reference_id
reference_type
scores
0
value 0.01724
scoring_system epss
scoring_elements 0.82829
published_at 2026-06-11T12:55:00Z
1
value 0.01724
scoring_system epss
scoring_elements 0.82891
published_at 2026-06-12T12:55:00Z
2
value 0.01724
scoring_system epss
scoring_elements 0.82899
published_at 2026-06-13T12:55:00Z
3
value 0.01724
scoring_system epss
scoring_elements 0.82895
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-6233
1
reference_url https://framework.zend.com/security/advisory/ZF2016-02
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://framework.zend.com/security/advisory/ZF2016-02
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2016-6233.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2016-6233.yaml
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT/
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-6233
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-6233
10
reference_url https://web.archive.org/web/20210123152547/http://www.securityfocus.com/bid/91802
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210123152547/http://www.securityfocus.com/bid/91802
11
reference_url http://www.securityfocus.com/bid/91802
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/91802
12
reference_url https://github.com/advisories/GHSA-p9hp-3gpv-52w3
reference_id GHSA-p9hp-3gpv-52w3
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p9hp-3gpv-52w3
13
reference_url https://security.gentoo.org/glsa/201804-10
reference_id GLSA-201804-10
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201804-10
fixed_packages
0
url pkg:composer/zendframework/zendframework1@1.12.19
purl pkg:composer/zendframework/zendframework1@1.12.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rnn1-91rc-ebcf
1
vulnerability VCID-scar-8fh6-pkbz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.19
aliases CVE-2016-6233, GHSA-p9hp-3gpv-52w3
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mu4w-1m4s-fqgb
4
url VCID-qx35-s89y-aufb
vulnerability_id VCID-qx35-s89y-aufb
summary
Potential Insufficient Entropy
There are several methods used to generate random numbers in ZF1 that potentially used insufficient entropy. Moreover, there's a potential security issue in the usage of the `openssl_random_pseudo_bytes()` function in `Zend_Crypt_Math::randBytes`, reported in PHP BUG #70014, and the security implications reported in a discussion on the `random_compat` library.
references
0
reference_url http://framework.zend.com/security/advisory/ZF2016-01
reference_id
reference_type
scores
url http://framework.zend.com/security/advisory/ZF2016-01
1
reference_url https://bugs.php.net/bug.php?id=70014
reference_id
reference_type
scores
url https://bugs.php.net/bug.php?id=70014
2
reference_url https://github.com/paragonie/random_compat/issues/96
reference_id
reference_type
scores
url https://github.com/paragonie/random_compat/issues/96
fixed_packages
0
url pkg:composer/zendframework/zendframework1@1.12.18
purl pkg:composer/zendframework/zendframework1@1.12.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mu4w-1m4s-fqgb
1
vulnerability VCID-rnn1-91rc-ebcf
2
vulnerability VCID-scar-8fh6-pkbz
3
vulnerability VCID-ts3t-ua4s-nkbp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.18
aliases ZF2016-11
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qx35-s89y-aufb
5
url VCID-rbf7-4u42-yyhq
vulnerability_id VCID-rbf7-4u42-yyhq
summary Potential Insufficient Entropy Vulnerability in ZF1.
references
0
reference_url https://framework.zend.com/security/advisory/ZF2016-01
reference_id
reference_type
scores
url https://framework.zend.com/security/advisory/ZF2016-01
fixed_packages
0
url pkg:composer/zendframework/zendframework1@1.12.18
purl pkg:composer/zendframework/zendframework1@1.12.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mu4w-1m4s-fqgb
1
vulnerability VCID-rnn1-91rc-ebcf
2
vulnerability VCID-scar-8fh6-pkbz
3
vulnerability VCID-ts3t-ua4s-nkbp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.18
aliases ZF2016-01
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rbf7-4u42-yyhq
6
url VCID-rnn1-91rc-ebcf
vulnerability_id VCID-rnn1-91rc-ebcf
summary
Potential SQL injection in ORDER and GROUP functions
The implementation of `ORDER BY` and `GROUP BY` in `Zend_Db_Select` is prone to SQL injection when a combination of SQL expressions and comments is used.
references
0
reference_url https://framework.zend.com/security/advisory/ZF2016-03
reference_id
reference_type
scores
url https://framework.zend.com/security/advisory/ZF2016-03
fixed_packages
0
url pkg:composer/zendframework/zendframework1@1.12.20
purl pkg:composer/zendframework/zendframework1@1.12.20
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.20
aliases ZF2016-03
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rnn1-91rc-ebcf
7
url VCID-scar-8fh6-pkbz
vulnerability_id VCID-scar-8fh6-pkbz
summary Zendframework1 Potential SQL injection in ORDER and GROUP functions
references
0
reference_url https://framework.zend.com/security/advisory/ZF2016-03
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://framework.zend.com/security/advisory/ZF2016-03
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/ZF2016-03.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/ZF2016-03.yaml
2
reference_url https://github.com/zendframework/zf1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/zendframework/zf1
3
reference_url https://github.com/advisories/GHSA-6fqw-j3vm-7f66
reference_id GHSA-6fqw-j3vm-7f66
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6fqw-j3vm-7f66
fixed_packages
0
url pkg:composer/zendframework/zendframework1@1.12.20
purl pkg:composer/zendframework/zendframework1@1.12.20
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.20
aliases GHSA-6fqw-j3vm-7f66
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-scar-8fh6-pkbz
8
url VCID-ts3t-ua4s-nkbp
vulnerability_id VCID-ts3t-ua4s-nkbp
summary
Potential SQL injection
The implementation of `ORDER BY` and `GROUP BY` in `Zend_Db_Select` of ZF1 is vulnerable to the following SQL injection.
references
0
reference_url https://framework.zend.com/security/advisory/ZF2016-02
reference_id
reference_type
scores
url https://framework.zend.com/security/advisory/ZF2016-02
1
reference_url https://github.com/zendframework/zf1/commit/bf3f40605be3d8f136a07ae991079a7dcb34d967
reference_id
reference_type
scores
url https://github.com/zendframework/zf1/commit/bf3f40605be3d8f136a07ae991079a7dcb34d967
fixed_packages
0
url pkg:composer/zendframework/zendframework1@1.12.19
purl pkg:composer/zendframework/zendframework1@1.12.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rnn1-91rc-ebcf
1
vulnerability VCID-scar-8fh6-pkbz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.19
aliases ZF2016-02
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ts3t-ua4s-nkbp
9
url VCID-xmv1-fye4-buey
vulnerability_id VCID-xmv1-fye4-buey
summary ZendFramework1 Potential Insufficient Entropy Vulnerability
references
0
reference_url https://framework.zend.com/security/advisory/ZF2016-01
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://framework.zend.com/security/advisory/ZF2016-01
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/ZF2016-01.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/ZF2016-01.yaml
2
reference_url https://github.com/zendframework/zf1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/zendframework/zf1
3
reference_url https://github.com/advisories/GHSA-8xhv-gqm4-3w99
reference_id GHSA-8xhv-gqm4-3w99
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8xhv-gqm4-3w99
fixed_packages
0
url pkg:composer/zendframework/zendframework1@1.12.18
purl pkg:composer/zendframework/zendframework1@1.12.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mu4w-1m4s-fqgb
1
vulnerability VCID-rnn1-91rc-ebcf
2
vulnerability VCID-scar-8fh6-pkbz
3
vulnerability VCID-ts3t-ua4s-nkbp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.18
aliases GHSA-8xhv-gqm4-3w99
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xmv1-fye4-buey
Fixing_vulnerabilities
0
url VCID-dx2w-e51v-6ya7
vulnerability_id VCID-dx2w-e51v-6ya7
summary Zendframework1 potential SQL injection vector using null byte for PDO (MsSql, SQLite)
references
0
reference_url https://framework.zend.com/security/advisory/ZF2015-08
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://framework.zend.com/security/advisory/ZF2015-08
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/ZF2015-08.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/ZF2015-08.yaml
2
reference_url https://github.com/zendframework/zf1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/zendframework/zf1
3
reference_url https://github.com/advisories/GHSA-v42g-7q2x-cw32
reference_id GHSA-v42g-7q2x-cw32
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v42g-7q2x-cw32
fixed_packages
0
url pkg:composer/zendframework/zendframework1@1.12.16
purl pkg:composer/zendframework/zendframework1@1.12.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6yzr-h81y-jbda
1
vulnerability VCID-b5m8-jc12-1yc3
2
vulnerability VCID-jetd-1p57-hyh6
3
vulnerability VCID-mu4w-1m4s-fqgb
4
vulnerability VCID-qx35-s89y-aufb
5
vulnerability VCID-rbf7-4u42-yyhq
6
vulnerability VCID-rnn1-91rc-ebcf
7
vulnerability VCID-scar-8fh6-pkbz
8
vulnerability VCID-ts3t-ua4s-nkbp
9
vulnerability VCID-xmv1-fye4-buey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.16
aliases GHSA-v42g-7q2x-cw32
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dx2w-e51v-6ya7
1
url VCID-nzjh-hsdn-73hr
vulnerability_id VCID-nzjh-hsdn-73hr
summary security update
references
0
reference_url http://framework.zend.com/security/advisory/ZF2015-08
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://framework.zend.com/security/advisory/ZF2015-08
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-7695
reference_id
reference_type
scores
0
value 0.02248
scoring_system epss
scoring_elements 0.8494
published_at 2026-06-11T12:55:00Z
1
value 0.02248
scoring_system epss
scoring_elements 0.84992
published_at 2026-06-12T12:55:00Z
2
value 0.02248
scoring_system epss
scoring_elements 0.85001
published_at 2026-06-13T12:55:00Z
3
value 0.02248
scoring_system epss
scoring_elements 0.84994
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-7695
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5723
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5723
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7695
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7695
4
reference_url https://github.com/zendframework/zf1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/zendframework/zf1
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7695
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-7695
6
reference_url http://www.debian.org/security/2015/dsa-3369
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2015/dsa-3369
7
reference_url http://www.openwall.com/lists/oss-security/2015/09/30/6
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2015/09/30/6
8
reference_url http://www.openwall.com/lists/oss-security/2015/09/30/8
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2015/09/30/8
9
reference_url http://www.openwall.com/lists/oss-security/2015/10/11/3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2015/10/11/3
10
reference_url http://www.securityfocus.com/bid/76784
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/76784
11
reference_url https://github.com/advisories/GHSA-2hvh-c5c2-vj85
reference_id GHSA-2hvh-c5c2-vj85
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2hvh-c5c2-vj85
fixed_packages
0
url pkg:composer/zendframework/zendframework1@1.12.16
purl pkg:composer/zendframework/zendframework1@1.12.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6yzr-h81y-jbda
1
vulnerability VCID-b5m8-jc12-1yc3
2
vulnerability VCID-jetd-1p57-hyh6
3
vulnerability VCID-mu4w-1m4s-fqgb
4
vulnerability VCID-qx35-s89y-aufb
5
vulnerability VCID-rbf7-4u42-yyhq
6
vulnerability VCID-rnn1-91rc-ebcf
7
vulnerability VCID-scar-8fh6-pkbz
8
vulnerability VCID-ts3t-ua4s-nkbp
9
vulnerability VCID-xmv1-fye4-buey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.16
aliases CVE-2015-7695, GHSA-2hvh-c5c2-vj85
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nzjh-hsdn-73hr
2
url VCID-s5ss-4mta-wkd5
vulnerability_id VCID-s5ss-4mta-wkd5
summary
SQL Injection
Potential SQL injection vector using null byte for PDO (MsSql, SQLite).
references
0
reference_url https://framework.zend.com/security/advisory/ZF2015-08
reference_id
reference_type
scores
url https://framework.zend.com/security/advisory/ZF2015-08
fixed_packages
0
url pkg:composer/zendframework/zendframework1@1.12.16
purl pkg:composer/zendframework/zendframework1@1.12.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6yzr-h81y-jbda
1
vulnerability VCID-b5m8-jc12-1yc3
2
vulnerability VCID-jetd-1p57-hyh6
3
vulnerability VCID-mu4w-1m4s-fqgb
4
vulnerability VCID-qx35-s89y-aufb
5
vulnerability VCID-rbf7-4u42-yyhq
6
vulnerability VCID-rnn1-91rc-ebcf
7
vulnerability VCID-scar-8fh6-pkbz
8
vulnerability VCID-ts3t-ua4s-nkbp
9
vulnerability VCID-xmv1-fye4-buey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.16
aliases ZF2015-08
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s5ss-4mta-wkd5
3
url VCID-thgd-stfh-aqce
vulnerability_id VCID-thgd-stfh-aqce
summary security update
references
0
reference_url http://framework.zend.com/security/advisory/ZF2015-07
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://framework.zend.com/security/advisory/ZF2015-07
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-5723
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.10325
published_at 2026-06-13T12:55:00Z
1
value 0.00033
scoring_system epss
scoring_elements 0.1032
published_at 2026-06-12T12:55:00Z
2
value 0.00033
scoring_system epss
scoring_elements 0.1027
published_at 2026-06-11T12:55:00Z
3
value 0.00033
scoring_system epss
scoring_elements 0.10302
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-5723
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5723
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5723
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7695
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7695
4
reference_url https://framework.zend.com/security/advisory/ZF2015-07
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://framework.zend.com/security/advisory/ZF2015-07
5
reference_url https://github.com/aws/aws-sdk-php/releases/tag/3.2.1
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-sdk-php/releases/tag/3.2.1
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/aws/aws-sdk-php/CVE-2015-5723.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/aws/aws-sdk-php/CVE-2015-5723.yaml
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/doctrine/cache/CVE-2015-5723.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/doctrine/cache/CVE-2015-5723.yaml
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/doctrine/orm/CVE-2015-5723.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/doctrine/orm/CVE-2015-5723.yaml
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-cache/CVE-2015-5723.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-cache/CVE-2015-5723.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2015-5723.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2015-5723.yaml
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-5723.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-5723.yaml
12
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zfcampus/zf-apigility-doctrine/CVE-2015-5723.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zfcampus/zf-apigility-doctrine/CVE-2015-5723.yaml
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO/
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67/
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5723
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-5723
22
reference_url https://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html
23
reference_url http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-5723
reference_id
reference_type
scores
url http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-5723
24
reference_url http://www.debian.org/security/2015/dsa-3369
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2015/dsa-3369
25
reference_url http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html
26
reference_url https://github.com/advisories/GHSA-pw5c-xqf2-6xc2
reference_id GHSA-pw5c-xqf2-6xc2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pw5c-xqf2-6xc2
fixed_packages
0
url pkg:composer/zendframework/zendframework1@1.12.16
purl pkg:composer/zendframework/zendframework1@1.12.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6yzr-h81y-jbda
1
vulnerability VCID-b5m8-jc12-1yc3
2
vulnerability VCID-jetd-1p57-hyh6
3
vulnerability VCID-mu4w-1m4s-fqgb
4
vulnerability VCID-qx35-s89y-aufb
5
vulnerability VCID-rbf7-4u42-yyhq
6
vulnerability VCID-rnn1-91rc-ebcf
7
vulnerability VCID-scar-8fh6-pkbz
8
vulnerability VCID-ts3t-ua4s-nkbp
9
vulnerability VCID-xmv1-fye4-buey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.16
aliases CVE-2015-5723, GHSA-pw5c-xqf2-6xc2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-thgd-stfh-aqce
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.16