Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/zendframework/zend-db@2.0.0
purl pkg:composer/zendframework/zend-db@2.0.0
Tags Ghost
Next non-vulnerable version 2.2.0rc1
Latest non-vulnerable version 2.3.5
Risk 4.5
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-9z4g-byhj-3fak
Aliases:
CVE-2015-0270
GHSA-v59p-p692-v382
SQL Injection Zend Framework has Potential SQL injection in PostgreSQL `Zend\Db` adapter.
2.2.0rc1
Affected by 0 other vulnerabilities.
2.2.10
Affected by 0 other vulnerabilities.
2.3.5
Affected by 0 other vulnerabilities.
VCID-r5y8-nc2w-kqde
Aliases:
CVE-2014-8089
GHSA-qh9w-r7g5-q939
SQL Injection SQL injection vector when manually quoting values for `sqlsrv` extension, using null byte.
2.0.99
Affected by 0 other vulnerabilities.
2.1.99
Affected by 0 other vulnerabilities.
2.2.0rc1
Affected by 0 other vulnerabilities.
2.2.8
Affected by 1 other vulnerability.
2.3.3
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-04T16:19:37.976595+00:00 GitLab Importer Affected by VCID-9z4g-byhj-3fak https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zend-db/CVE-2015-0270.yml 38.6.0
2026-06-02T04:36:18.061177+00:00 GitLab Importer Affected by VCID-r5y8-nc2w-kqde https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zend-db/CVE-2014-8089.yml 38.6.0