Package details: pkg:composer/zendframework/zendframework1@1.8.0
purl pkg:composer/zendframework/zendframework1@1.8.0
Tags Ghost
Next non-vulnerable version 1.12.20
Latest non-vulnerable version 1.12.20
Risk 3.1
Vulnerabilities affecting this package (8)
Vulnerability Summary Fixed by
VCID-24xb-s5fu-xuc2
Aliases:
ZF2010-05
Cross-site Scripting
Potential XSS vector in `Zend_Service_ReCaptcha_MailHide`.
1.12.0
Affected by 30 other vulnerabilities.
VCID-58xr-g2ea-z7ed
Aliases:
GHSA-vvm3-rv48-j3g5
Zendframework Potential XSS or HTML Injection vector in Zend_Json
`Zend_Json_Encoder` was not taking into account the solidus character (/) during encoding, leading to incompatibilities with the JSON specification, and opening the potential for XSS or HTML injection attacks when returning HTML within a JSON string.
1.8.5
Affected by 0 other vulnerabilities.
1.9.7
Affected by 0 other vulnerabilities.
VCID-6j4n-cucb-5fdy
Aliases:
ZF2010-02
Cross-site Scripting
Potential XSS vector in `Zend_Dojo_View_Helper_Editor`.
1.12.0
Affected by 30 other vulnerabilities.
VCID-cp8b-e8wm-kfb3
Aliases:
ZF2010-06
Cross-Site Scripting
Potential Security Issues in Bundled Dojo Library.
1.12.0
Affected by 30 other vulnerabilities.
VCID-e98a-dehh-ybbe
Aliases:
ZF2010-03
Cross-site Scripting
Potential XSS vector in `Zend_Filter_StripTags` when comments allowed.
1.12.0
Affected by 30 other vulnerabilities.
VCID-rnne-hzp6-e3hp
Aliases:
GHSA-4vf6-mq7w-3hp6
Zend_Filter_StripTags vulnerable to Cross-site Scripting when comments allowed
Zend_Filter_StripTags contained an optional setting to allowlist HTML comments in filtered text. Microsoft Internet Explorer and several other browsers allow developers to create conditional functionality via HTML comments, including execution of script events and rendering of additional commented markup. When HTML comments are allowlisted, a malicious user could potentially include XSS exploits within HTML comments that would then be rendered in the final output.
1.8.5
Affected by 0 other vulnerabilities.
1.9.7
Affected by 0 other vulnerabilities.
VCID-w2n5-5n2c-ryc8
Aliases:
GHSA-4v57-pwvf-x35j
Zendframework potential Cross-site Scripting vector in `Zend_Service_ReCaptcha_MailHide`
`Zend_Service_ReCaptcha_MailHide` had a potential XSS vulnerability. Because the email address was never validated, and because its use of `htmlentities()` did not include the encoding argument, it was potentially possible for a malicious user aware of the issue to inject a specially crafted multibyte string as an attack via the CAPTCHA's email argument.
1.8.5
Affected by 0 other vulnerabilities.
1.9.7
Affected by 0 other vulnerabilities.
VCID-wg7p-tvdc-6yh6
Aliases:
GHSA-j543-vg33-g6vj
ZendFramework potential Cross-site Scripting vector in `Zend_Dojo_View_Helper_Editor`
`Zend_Dojo_View_Helper_Editor` was incorrectly decorating a TEXTAREA instead of a DIV. The Dojo team has reported that this has security implications as the rich text editor they use is unable to escape content for a TEXTAREA.
1.8.5
Affected by 0 other vulnerabilities.
1.9.7
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-05T21:45:06.526819+00:00 GHSA Importer Affected by VCID-rnne-hzp6-e3hp https://github.com/advisories/GHSA-4vf6-mq7w-3hp6 38.6.0
2026-06-05T21:45:05.808768+00:00 GHSA Importer Affected by VCID-w2n5-5n2c-ryc8 https://github.com/advisories/GHSA-4v57-pwvf-x35j 38.6.0
2026-06-05T21:45:04.743097+00:00 GHSA Importer Affected by VCID-58xr-g2ea-z7ed https://github.com/advisories/GHSA-vvm3-rv48-j3g5 38.6.0
2026-06-05T21:45:01.070309+00:00 GHSA Importer Affected by VCID-wg7p-tvdc-6yh6 https://github.com/advisories/GHSA-j543-vg33-g6vj 38.6.0
2026-06-04T16:21:56.213670+00:00 GitLab Importer Affected by VCID-rnne-hzp6-e3hp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/GHSA-4vf6-mq7w-3hp6.yml 38.6.0
2026-06-04T16:21:55.555687+00:00 GitLab Importer Affected by VCID-58xr-g2ea-z7ed https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/GHSA-vvm3-rv48-j3g5.yml 38.6.0
2026-06-04T16:21:54.975252+00:00 GitLab Importer Affected by VCID-w2n5-5n2c-ryc8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/GHSA-4v57-pwvf-x35j.yml 38.6.0
2026-06-04T16:21:54.914581+00:00 GitLab Importer Affected by VCID-wg7p-tvdc-6yh6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/GHSA-j543-vg33-g6vj.yml 38.6.0
2026-06-02T04:36:03.393968+00:00 GitLab Importer Affected by VCID-e98a-dehh-ybbe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/ZF2010-03.yml 38.6.0
2026-06-02T04:36:03.364546+00:00 GitLab Importer Affected by VCID-6j4n-cucb-5fdy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/ZF2010-02.yml 38.6.0
2026-06-02T04:36:03.335958+00:00 GitLab Importer Affected by VCID-cp8b-e8wm-kfb3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/ZF2010-06.yml 38.6.0
2026-06-02T04:36:03.305342+00:00 GitLab Importer Affected by VCID-24xb-s5fu-xuc2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/ZF2010-05.yml 38.6.0