Package details: pkg:composer/zendframework/zendframework@2.5.0
purl pkg:composer/zendframework/zendframework@2.5.0
Next non-vulnerable version 2.5.2
Latest non-vulnerable version 2.5.2
Risk 10.0
Vulnerabilities affecting this package (3)
VCID-bha1-43g9-z7f2
Aliases: CVE-2015-7503, GHSA-pm9m-w23q-5967
Fixed by: 2.5.2 (affected by 0 other vulnerabilities)

VCID-ha1v-jhhj-xuay
Aliases: CVE-2015-5161, GHSA-xp8p-9rq5-4wgv
Summary: security update
Fixed by: 2.5.2 (affected by 0 other vulnerabilities)

VCID-s7mx-8xh2-w3ca
Aliases: GMS-2015-48
Summary: Potential Information Disclosure and Insufficient Entropy in Zend\Captcha\Word. Zend generates a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. The selection is performed using PHP's internal `array_rand()` function. This function does not generate sufficient entropy because it uses `rand()` instead of a cryptographically secure method such as `openssl_random_pseudo_bytes()`. This can potentially lead to information disclosure should an attacker be able to brute force the random number generation.
Fixed by: 2.5.2 (affected by 0 other vulnerabilities)
Vulnerabilities fixed by this package (4)
VCID-4bfz-jkrd-4kfn
Summary: Zendframework URL Rewrite vulnerability
Aliases: GHSA-fh7r-58q4-6387

VCID-b5m8-jc12-1yc3
Summary: Potential Information Disclosure and Insufficient Entropy vulnerability in `Zend\Captcha\Word`.
Aliases: ZF2015-09

VCID-cpmt-fwxa-67br
Summary: Remote code execution in zend-mail via Sendmail adapter. A malicious user may be able to inject arbitrary parameters to the system Sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they can be interpreted as additional command line arguments, leading to the vulnerability.
Aliases: ZF2016-04

VCID-gznz-tm3a-nfgz
Summary: URL Redirection to Untrusted Site (Open Redirect). URL Rewrite vulnerability.
Aliases: ZF2018-01

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-14T00:57:44.792293+00:00 GHSA Importer Affected by VCID-ha1v-jhhj-xuay https://github.com/advisories/GHSA-xp8p-9rq5-4wgv 38.6.0
2026-06-14T00:57:21.588801+00:00 GHSA Importer Affected by VCID-bha1-43g9-z7f2 https://github.com/advisories/GHSA-pm9m-w23q-5967 38.6.0
2026-06-12T19:32:14.139421+00:00 GitLab Importer Fixing VCID-4bfz-jkrd-4kfn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/GHSA-fh7r-58q4-6387.yml 38.6.0
2026-06-12T16:51:34.628628+00:00 GitLab Importer Fixing VCID-cpmt-fwxa-67br https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/ZF2016-04.yml 38.6.0
2026-06-12T16:49:04.419340+00:00 GitLab Importer Fixing VCID-b5m8-jc12-1yc3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/ZF2015-09.yml 38.6.0
2026-06-12T15:40:40.113417+00:00 GitLab Importer Fixing VCID-gznz-tm3a-nfgz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/ZF2018-01.yml 38.6.0
2026-06-12T15:40:03.604870+00:00 GitLab Importer Affected by VCID-bha1-43g9-z7f2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/CVE-2015-7503.yml 38.6.0
2026-06-12T15:39:18.490491+00:00 GitLab Importer Affected by VCID-s7mx-8xh2-w3ca https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/GMS-2015-48.yml 38.6.0
2026-06-12T15:39:16.592790+00:00 GitLab Importer Affected by VCID-ha1v-jhhj-xuay https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/CVE-2015-5161.yml 38.6.0
2026-06-12T07:44:12.190400+00:00 GithubOSV Importer Fixing VCID-4bfz-jkrd-4kfn https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-fh7r-58q4-6387/GHSA-fh7r-58q4-6387.json 38.6.0
2026-06-11T20:35:17.069716+00:00 GHSA Importer Fixing VCID-4bfz-jkrd-4kfn https://github.com/advisories/GHSA-fh7r-58q4-6387 38.6.0