Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/yiisoft/yii2@2.0.0-rc
Typecomposer
Namespaceyiisoft
Nameyii2
Version2.0.0-rc
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.0.52
Latest_non_vulnerable_version2.0.55
Affected_by_vulnerabilities
0
url VCID-4xj7-j7qz-2kd2
vulnerability_id VCID-4xj7-j7qz-2kd2
summary 
Information disclosure
Remote attackers can obtain potentially sensitive information from exception messages printed by the error handler in non-debug mode.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-6010
reference_id
reference_type
scores
0
value 0.01012
scoring_system epss
scoring_elements 0.77472
published_at 2026-06-04T12:55:00Z
1
value 0.01012
scoring_system epss
scoring_elements 0.77488
published_at 2026-06-08T12:55:00Z
2
value 0.01012
scoring_system epss
scoring_elements 0.77508
published_at 2026-06-06T12:55:00Z
3
value 0.01012
scoring_system epss
scoring_elements 0.77499
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-6010
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2018-6010.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2018-6010.yaml
2
reference_url https://github.com/yiisoft/yii2/commit/6b0be47e0fa9c532e03b07b4369050582fcf5c7a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/commit/6b0be47e0fa9c532e03b07b4369050582fcf5c7a
3
reference_url https://github.com/yiisoft/yii2-framework
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2-framework
4
reference_url https://github.com/yiisoft/yii2/issues/14711
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/issues/14711
5
reference_url https://github.com/yiisoft/yii2/pull/15534
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/pull/15534
6
reference_url https://www.yiiframework.com/news/165/yii-2-0-14-is-released
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.yiiframework.com/news/165/yii-2-0-14-is-released
7
reference_url http://www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fix/
reference_id
reference_type
scores
url http://www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fix/
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-6010
reference_id CVE-2018-6010
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-6010
9
reference_url https://github.com/advisories/GHSA-8gfq-c54m-3rf6
reference_id GHSA-8gfq-c54m-3rf6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8gfq-c54m-3rf6
fixed_packages
0
url pkg:composer/yiisoft/yii2@2.0.14
purl pkg:composer/yiisoft/yii2@2.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-gwmb-kcz9-d7b9
2
vulnerability VCID-nnt3-u39w-yqa9
3
vulnerability VCID-vf2s-s6dr-nqhf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.14
aliases CVE-2018-6010, GHSA-8gfq-c54m-3rf6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4xj7-j7qz-2kd2
1
url VCID-7kx3-sxex-f7dz
vulnerability_id VCID-7kx3-sxex-f7dz
summary 
yiisoft/yii2 Mishandles the Attaching of Behavior Defined by a `__class` Array Key
Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-58136
reference_id
reference_type
scores
0
value 0.77265
scoring_system epss
scoring_elements 0.98995
published_at 2026-06-08T12:55:00Z
1
value 0.77265
scoring_system epss
scoring_elements 0.98997
published_at 2026-06-06T12:55:00Z
2
value 0.77265
scoring_system epss
scoring_elements 0.98996
published_at 2026-06-07T12:55:00Z
3
value 0.78947
scoring_system epss
scoring_elements 0.99079
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-58136
1
reference_url https://github.com/yiisoft/yii2
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2
2
reference_url https://github.com/yiisoft/yii2/commit/40fe496eda529fd1d933b56a1022ec32d3cd0b12
reference_id
reference_type
scores
0
value 9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-05-02T17:42:11Z/
url https://github.com/yiisoft/yii2/commit/40fe496eda529fd1d933b56a1022ec32d3cd0b12
3
reference_url https://github.com/yiisoft/yii2/compare/2.0.51...2.0.52
reference_id
reference_type
scores
0
value 9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-05-02T17:42:11Z/
url https://github.com/yiisoft/yii2/compare/2.0.51...2.0.52
4
reference_url https://github.com/yiisoft/yii2/pull/20232
reference_id
reference_type
scores
0
value 9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-05-02T17:42:11Z/
url https://github.com/yiisoft/yii2/pull/20232
5
reference_url https://github.com/yiisoft/yii2/pull/20232#issuecomment-2252459709
reference_id
reference_type
scores
0
value 9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-05-02T17:42:11Z/
url https://github.com/yiisoft/yii2/pull/20232#issuecomment-2252459709
6
reference_url https://sensepost.com/blog/2025/investigating-an-in-the-wild-campaign-using-rce-in-craftcms
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://sensepost.com/blog/2025/investigating-an-in-the-wild-campaign-using-rce-in-craftcms
7
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-58136
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-58136
8
reference_url https://www.yiiframework.com/news/709/please-upgrade-to-yii-2-0-52
reference_id
reference_type
scores
0
value 9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-05-02T17:42:11Z/
url https://www.yiiframework.com/news/709/please-upgrade-to-yii-2-0-52
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-58136
reference_id CVE-2024-58136
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-58136
10
reference_url https://github.com/advisories/GHSA-ggwg-cmwp-46r5
reference_id GHSA-ggwg-cmwp-46r5
reference_type
scores
url https://github.com/advisories/GHSA-ggwg-cmwp-46r5
fixed_packages
0
url pkg:composer/yiisoft/yii2@2.0.52
purl pkg:composer/yiisoft/yii2@2.0.52
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.52
aliases CVE-2024-58136, GHSA-ggwg-cmwp-46r5
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7kx3-sxex-f7dz
2
url VCID-gwmb-kcz9-d7b9
vulnerability_id VCID-gwmb-kcz9-d7b9
summary 
Deserialization of Untrusted Data
Yii 2 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15148
reference_id
reference_type
scores
0
value 0.93433
scoring_system epss
scoring_elements 0.99827
published_at 2026-06-08T12:55:00Z
1
value 0.93433
scoring_system epss
scoring_elements 0.99826
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15148
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2020-15148.yaml
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2020-15148.yaml
2
reference_url https://github.com/yiisoft/yii2/commit/9abccb96d7c5ddb569f92d1a748f50ee9b3e2b99
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/commit/9abccb96d7c5ddb569f92d1a748f50ee9b3e2b99
3
reference_url https://www.yiiframework.com/news/303/yii-2-0-38
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.yiiframework.com/news/303/yii-2-0-38
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15148
reference_id CVE-2020-15148
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15148
5
reference_url https://github.com/advisories/GHSA-699q-wcff-g9mj
reference_id GHSA-699q-wcff-g9mj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-699q-wcff-g9mj
6
reference_url https://github.com/yiisoft/yii2/security/advisories/GHSA-699q-wcff-g9mj
reference_id GHSA-699q-wcff-g9mj
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/security/advisories/GHSA-699q-wcff-g9mj
fixed_packages
0
url pkg:composer/yiisoft/yii2@2.0.38
purl pkg:composer/yiisoft/yii2@2.0.38
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.38
aliases CVE-2020-15148, GHSA-699q-wcff-g9mj
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gwmb-kcz9-d7b9
3
url VCID-hhby-y7fg-tqax
vulnerability_id VCID-hhby-y7fg-tqax
summary 
Cross-site Scripting
Cross-site scripting (XSS) vulnerability in Yii Framework allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON, arrays, and Internet Explorer 6
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-3397
reference_id
reference_type
scores
0
value 0.0033
scoring_system epss
scoring_elements 0.56282
published_at 2026-06-05T12:55:00Z
1
value 0.0033
scoring_system epss
scoring_elements 0.56275
published_at 2026-06-07T12:55:00Z
2
value 0.0033
scoring_system epss
scoring_elements 0.56288
published_at 2026-06-06T12:55:00Z
3
value 0.0033
scoring_system epss
scoring_elements 0.56227
published_at 2026-06-04T12:55:00Z
4
value 0.0033
scoring_system epss
scoring_elements 0.56259
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-3397
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2015-3397.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2015-3397.yaml
2
reference_url https://github.com/yiisoft/yii2/blob/2.0.4/framework/CHANGELOG.md
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/blob/2.0.4/framework/CHANGELOG.md
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-3397
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-3397
4
reference_url https://web.archive.org/web/20210122155403/http://www.securityfocus.com/bid/74663
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210122155403/http://www.securityfocus.com/bid/74663
5
reference_url https://www.yiiframework.com/news/86/yii-2-0-4-is-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.yiiframework.com/news/86/yii-2-0-4-is-released
6
reference_url https://www.yiiframework.com/news/86/yii-2-0-4-is-released/
reference_id
reference_type
scores
url https://www.yiiframework.com/news/86/yii-2-0-4-is-released/
7
reference_url http://www.securityfocus.com/bid/74663
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/74663
8
reference_url http://www.yiiframework.com/news/86/yii-2-0-4-is-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.yiiframework.com/news/86/yii-2-0-4-is-released
9
reference_url http://www.yiiframework.com/news/86/yii-2-0-4-is-released/
reference_id
reference_type
scores
url http://www.yiiframework.com/news/86/yii-2-0-4-is-released/
10
reference_url https://github.com/advisories/GHSA-w2xx-jp9f-gp8g
reference_id GHSA-w2xx-jp9f-gp8g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w2xx-jp9f-gp8g
fixed_packages
0
url pkg:composer/yiisoft/yii2@2.0.4
purl pkg:composer/yiisoft/yii2@2.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xj7-j7qz-2kd2
1
vulnerability VCID-7kx3-sxex-f7dz
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-mvyf-rrfg-xucc
4
vulnerability VCID-nnt3-u39w-yqa9
5
vulnerability VCID-uybn-p34d-pbga
6
vulnerability VCID-vf2s-s6dr-nqhf
7
vulnerability VCID-x788-tu9q-byfu
8
vulnerability VCID-y165-fy8y-2fcc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.4
aliases CVE-2015-3397, GHSA-w2xx-jp9f-gp8g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hhby-y7fg-tqax
4
url VCID-mvyf-rrfg-xucc
vulnerability_id VCID-mvyf-rrfg-xucc
summary 
Cross-site Scripting
A reflected Cross-site scripting exists in yii2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-7271
reference_id
reference_type
scores
0
value 0.00285
scoring_system epss
scoring_elements 0.52171
published_at 2026-06-07T12:55:00Z
1
value 0.00285
scoring_system epss
scoring_elements 0.52141
published_at 2026-06-08T12:55:00Z
2
value 0.00285
scoring_system epss
scoring_elements 0.52182
published_at 2026-06-05T12:55:00Z
3
value 0.00285
scoring_system epss
scoring_elements 0.52122
published_at 2026-06-04T12:55:00Z
4
value 0.00285
scoring_system epss
scoring_elements 0.52191
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-7271
1
reference_url https://github.com/yiisoft/yii2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2
2
reference_url https://github.com/yiisoft/yii2/commit/97171a0db7cda0a49931ee0c3b998ef50bd06756
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/commit/97171a0db7cda0a49931ee0c3b998ef50bd06756
3
reference_url https://github.com/yiisoft/yii2/pull/13401
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/pull/13401
4
reference_url https://web.archive.org/web/20210125191138/http://www.securityfocus.com/bid/97167
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210125191138/http://www.securityfocus.com/bid/97167
5
reference_url http://www.yiiframework.com/news/123/yii-2-0-11-is-released
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.yiiframework.com/news/123/yii-2-0-11-is-released
6
reference_url http://www.yiiframework.com/news/123/yii-2-0-11-is-released/
reference_id
reference_type
scores
url http://www.yiiframework.com/news/123/yii-2-0-11-is-released/
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7271
reference_id CVE-2017-7271
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-7271
8
reference_url https://github.com/advisories/GHSA-4xh9-5vh8-3p58
reference_id GHSA-4xh9-5vh8-3p58
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4xh9-5vh8-3p58
fixed_packages
0
url pkg:composer/yiisoft/yii2@2.0.11
purl pkg:composer/yiisoft/yii2@2.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xj7-j7qz-2kd2
1
vulnerability VCID-7kx3-sxex-f7dz
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-nnt3-u39w-yqa9
4
vulnerability VCID-vf2s-s6dr-nqhf
5
vulnerability VCID-x788-tu9q-byfu
6
vulnerability VCID-y165-fy8y-2fcc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.11
aliases CVE-2017-7271, GHSA-4xh9-5vh8-3p58
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mvyf-rrfg-xucc
5
url VCID-nnt3-u39w-yqa9
vulnerability_id VCID-nnt3-u39w-yqa9
summary 
Unsafe Reflection in base Component class in yiisoft/yii2
Yii2 supports attaching Behaviors to Components by setting properties having the format `'as <behaviour-name>'`.

Internally this is done using the `__set()` magic method. If the value passed to this method is not an instance of the `Behavior` class, a new object is instantiated using `Yii::createObject($value)`. However, there is no validation check that verifies that `$value` is a valid `Behavior` class name or configuration. An attacker that can control the content of the $value variable can then instantiate arbitrary classes, passing parameters to their constructors and then invoking setter methods.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-4990
reference_id
reference_type
scores
0
value 0.002
scoring_system epss
scoring_elements 0.41971
published_at 2026-06-08T12:55:00Z
1
value 0.002
scoring_system epss
scoring_elements 0.42007
published_at 2026-06-07T12:55:00Z
2
value 0.002
scoring_system epss
scoring_elements 0.42035
published_at 2026-06-06T12:55:00Z
3
value 0.002
scoring_system epss
scoring_elements 0.42025
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-4990
1
reference_url https://github.com/yiisoft/yii2
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2
2
reference_url https://github.com/yiisoft/yii2/blob/master/framework/CHANGELOG.md#2050-may-30-2024
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/blob/master/framework/CHANGELOG.md#2050-may-30-2024
3
reference_url https://github.com/yiisoft/yii2/commit/628d406bfafb80fc32147837888c0057d89a021e
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/commit/628d406bfafb80fc32147837888c0057d89a021e
4
reference_url https://github.com/yiisoft/yii2/commit/62d081f18c3602d09e7d075bba3a0ca5c313f0b4
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/commit/62d081f18c3602d09e7d075bba3a0ca5c313f0b4
5
reference_url https://github.com/yiisoft/yii2/pull/20183
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/pull/20183
6
reference_url https://huntr.com/bounties/4fbdd965-02b6-42e4-b57b-f98f93415b8f
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-20T13:30:40Z/
url https://huntr.com/bounties/4fbdd965-02b6-42e4-b57b-f98f93415b8f
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-4990
reference_id CVE-2024-4990
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-4990
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2024-4990.yaml
reference_id CVE-2024-4990.YAML
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2024-4990.yaml
9
reference_url https://github.com/advisories/GHSA-cjcc-p67m-7qxm
reference_id GHSA-cjcc-p67m-7qxm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cjcc-p67m-7qxm
10
reference_url https://github.com/yiisoft/yii2/security/advisories/GHSA-cjcc-p67m-7qxm
reference_id GHSA-cjcc-p67m-7qxm
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/security/advisories/GHSA-cjcc-p67m-7qxm
fixed_packages
0
url pkg:composer/yiisoft/yii2@2.0.49%2B4
purl pkg:composer/yiisoft/yii2@2.0.49%2B4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.49%252B4
1
url pkg:composer/yiisoft/yii2@2.0.50
purl pkg:composer/yiisoft/yii2@2.0.50
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.50
aliases CVE-2024-4990, GHSA-cjcc-p67m-7qxm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nnt3-u39w-yqa9
6
url VCID-uybn-p34d-pbga
vulnerability_id VCID-uybn-p34d-pbga
summary 
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Class `yii\web\ViewAction` allowed to include arbitrary files that end with `.php`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-5467
reference_id
reference_type
scores
0
value 0.00137
scoring_system epss
scoring_elements 0.33436
published_at 2026-06-05T12:55:00Z
1
value 0.00137
scoring_system epss
scoring_elements 0.33383
published_at 2026-06-08T12:55:00Z
2
value 0.00137
scoring_system epss
scoring_elements 0.33335
published_at 2026-06-04T12:55:00Z
3
value 0.00137
scoring_system epss
scoring_elements 0.33417
published_at 2026-06-07T12:55:00Z
4
value 0.00137
scoring_system epss
scoring_elements 0.33452
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-5467
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2015-5467.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2015-5467.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2-dev/CVE-2015-5467.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-25T13:30:55Z/
url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2-dev/CVE-2015-5467.yaml
3
reference_url https://github.com/yiisoft/yii2-framework
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2-framework
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5467
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-5467
5
reference_url https://www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fix
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-25T13:30:55Z/
url https://www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fix
6
reference_url https://www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fix/
reference_id
reference_type
scores
url https://www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fix/
7
reference_url https://github.com/advisories/GHSA-7cfq-72w2-24q4
reference_id GHSA-7cfq-72w2-24q4
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7cfq-72w2-24q4
fixed_packages
0
url pkg:composer/yiisoft/yii2@2.0.5
purl pkg:composer/yiisoft/yii2@2.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xj7-j7qz-2kd2
1
vulnerability VCID-7kx3-sxex-f7dz
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-mvyf-rrfg-xucc
4
vulnerability VCID-nnt3-u39w-yqa9
5
vulnerability VCID-vf2s-s6dr-nqhf
6
vulnerability VCID-x788-tu9q-byfu
7
vulnerability VCID-y165-fy8y-2fcc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.5
aliases CVE-2015-5467, GHSA-7cfq-72w2-24q4
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uybn-p34d-pbga
7
url VCID-vf2s-s6dr-nqhf
vulnerability_id VCID-vf2s-s6dr-nqhf
summary 
Origin Validation Error
Yii actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-20745
reference_id
reference_type
scores
0
value 0.00118
scoring_system epss
scoring_elements 0.30248
published_at 2026-06-06T12:55:00Z
1
value 0.00118
scoring_system epss
scoring_elements 0.30188
published_at 2026-06-08T12:55:00Z
2
value 0.00118
scoring_system epss
scoring_elements 0.30219
published_at 2026-06-07T12:55:00Z
3
value 0.00118
scoring_system epss
scoring_elements 0.3021
published_at 2026-06-04T12:55:00Z
4
value 0.00118
scoring_system epss
scoring_elements 0.30284
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-20745
1
reference_url https://github.com/yiisoft/yii2/issues/16193
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/issues/16193
2
reference_url https://github.com/yiisoft/yii2/pull/16198
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/pull/16198
3
reference_url https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-chen.pdf
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-chen.pdf
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-20745
reference_id CVE-2018-20745
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-20745
5
reference_url https://github.com/advisories/GHSA-cr6r-6xm9-ww22
reference_id GHSA-cr6r-6xm9-ww22
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cr6r-6xm9-ww22
fixed_packages
0
url pkg:composer/yiisoft/yii2@2.0.16
purl pkg:composer/yiisoft/yii2@2.0.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-gwmb-kcz9-d7b9
2
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.16
aliases CVE-2018-20745, GHSA-cr6r-6xm9-ww22
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vf2s-s6dr-nqhf
8
url VCID-x788-tu9q-byfu
vulnerability_id VCID-x788-tu9q-byfu
summary 
CSRF vulnerability in switchIdentiy
The `switchIdentity()` function in `web/User.php` did not regenerate the CSRF token upon a change of identity.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-6009
reference_id
reference_type
scores
0
value 0.00168
scoring_system epss
scoring_elements 0.37716
published_at 2026-06-05T12:55:00Z
1
value 0.00168
scoring_system epss
scoring_elements 0.37649
published_at 2026-06-08T12:55:00Z
2
value 0.00168
scoring_system epss
scoring_elements 0.37688
published_at 2026-06-07T12:55:00Z
3
value 0.00168
scoring_system epss
scoring_elements 0.37719
published_at 2026-06-06T12:55:00Z
4
value 0.00168
scoring_system epss
scoring_elements 0.37623
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-6009
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2018-6009.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2018-6009.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2-dev/CVE-2018-6009.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2-dev/CVE-2018-6009.yaml
3
reference_url https://github.com/yiisoft/yii2/commit/6c0540aa2d6e0fe0fa89e4fd35bba4be5d6cece7
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/commit/6c0540aa2d6e0fe0fa89e4fd35bba4be5d6cece7
4
reference_url https://github.com/yiisoft/yii2-framework
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2-framework
5
reference_url https://www.yiiframework.com/news/165/yii-2-0-14-is-released
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.yiiframework.com/news/165/yii-2-0-14-is-released
6
reference_url http://www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fix/
reference_id
reference_type
scores
url http://www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fix/
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-6009
reference_id CVE-2018-6009
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-6009
8
reference_url https://github.com/advisories/GHSA-cwhm-272p-3wj9
reference_id GHSA-cwhm-272p-3wj9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cwhm-272p-3wj9
fixed_packages
0
url pkg:composer/yiisoft/yii2@2.0.14
purl pkg:composer/yiisoft/yii2@2.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-gwmb-kcz9-d7b9
2
vulnerability VCID-nnt3-u39w-yqa9
3
vulnerability VCID-vf2s-s6dr-nqhf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.14
aliases CVE-2018-6009, GHSA-cwhm-272p-3wj9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x788-tu9q-byfu
9
url VCID-y165-fy8y-2fcc
vulnerability_id VCID-y165-fy8y-2fcc
summary The `findByCondition` function in `framework/db/ActiveRecord.php` allows remote attackers to conduct SQL injection attacks via a `findOne()` or `findAll()à call, unless a developer recognizes an undocumented need to sanitize array input.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-7269
reference_id
reference_type
scores
0
value 0.0061
scoring_system epss
scoring_elements 0.70184
published_at 2026-06-05T12:55:00Z
1
value 0.0061
scoring_system epss
scoring_elements 0.70164
published_at 2026-06-08T12:55:00Z
2
value 0.0061
scoring_system epss
scoring_elements 0.70175
published_at 2026-06-07T12:55:00Z
3
value 0.0061
scoring_system epss
scoring_elements 0.70192
published_at 2026-06-06T12:55:00Z
4
value 0.0061
scoring_system epss
scoring_elements 0.70141
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-7269
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2-dev/CVE-2018-7269.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2-dev/CVE-2018-7269.yaml
2
reference_url https://github.com/yiisoft/yii2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2
3
reference_url https://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-7269
reference_id CVE-2018-7269
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-7269
5
reference_url https://github.com/advisories/GHSA-hhg2-g6h6-c266
reference_id GHSA-hhg2-g6h6-c266
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hhg2-g6h6-c266
fixed_packages
0
url pkg:composer/yiisoft/yii2@2.0.12.1
purl pkg:composer/yiisoft/yii2@2.0.12.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-gwmb-kcz9-d7b9
2
vulnerability VCID-nnt3-u39w-yqa9
3
vulnerability VCID-v3nu-bzav-vfc8
4
vulnerability VCID-vf2s-s6dr-nqhf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.12.1
1
url pkg:composer/yiisoft/yii2@2.0.12%2B1
purl pkg:composer/yiisoft/yii2@2.0.12%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.12%252B1
2
url pkg:composer/yiisoft/yii2@2.0.13.2
purl pkg:composer/yiisoft/yii2@2.0.13.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-gwmb-kcz9-d7b9
2
vulnerability VCID-nnt3-u39w-yqa9
3
vulnerability VCID-vf2s-s6dr-nqhf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.13.2
3
url pkg:composer/yiisoft/yii2@2.0.13%2B2
purl pkg:composer/yiisoft/yii2@2.0.13%2B2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.13%252B2
4
url pkg:composer/yiisoft/yii2@2.0.15
purl pkg:composer/yiisoft/yii2@2.0.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-gwmb-kcz9-d7b9
2
vulnerability VCID-nnt3-u39w-yqa9
3
vulnerability VCID-vf2s-s6dr-nqhf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.15
aliases CVE-2018-7269, GHSA-hhg2-g6h6-c266
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y165-fy8y-2fcc
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.0-rc