VulnerableCode Package Details - pkg:composer/yiisoft/yii2-dev@2.0.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-6rub-m94d-jfct Aliases: CVE-2021-3689	Use of Insufficiently Random Values yii2 is vulnerable to use of predictable algorithm in a random number generator	2.0.43 Affected by 0 other vulnerabilities.
VCID-gb9u-t143-vker Aliases: CVE-2021-3692	Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator	2.0.43 Affected by 0 other vulnerabilities.
VCID-vf2s-s6dr-nqhf Aliases: CVE-2018-20745 GHSA-cr6r-6xm9-ww22	Origin Validation Error Yii actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.	2.0.16 Affected by 0 other vulnerabilities.
VCID-vhy5-48ge-vyat Aliases: CVE-2018-8074	Code Injection Yii allows remote attackers to inject unintended search conditions.	2.0.15 Affected by 0 other vulnerabilities.
VCID-xrgb-33bd-ckat Aliases: CVE-2023-26750	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows the a remote attacker to execute arbitrary code via the runAction function.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-6rub-m94d-jfct
Aliases:
CVE-2021-3689

Use of Insufficiently Random Values yii2 is vulnerable to use of predictable algorithm in a random number generator

2.0.43
Affected by 0 other vulnerabilities.

VCID-gb9u-t143-vker
Aliases:
CVE-2021-3692

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator

2.0.43
Affected by 0 other vulnerabilities.

VCID-vf2s-s6dr-nqhf
Aliases:
CVE-2018-20745
GHSA-cr6r-6xm9-ww22

Origin Validation Error Yii actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.

2.0.16
Affected by 0 other vulnerabilities.

VCID-vhy5-48ge-vyat
Aliases:
CVE-2018-8074

Code Injection Yii allows remote attackers to inject unintended search conditions.

2.0.15
Affected by 0 other vulnerabilities.

VCID-xrgb-33bd-ckat
Aliases:
CVE-2023-26750

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows the a remote attacker to execute arbitrary code via the runAction function.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:44:26.650690+00:00	GitLab Importer	Affected by	VCID-xrgb-33bd-ckat	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/yiisoft/yii2-dev/CVE-2023-26750.yml	38.6.0
2026-06-02T04:39:36.087438+00:00	GitLab Importer	Affected by	VCID-6rub-m94d-jfct	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/yiisoft/yii2-dev/CVE-2021-3689.yml	38.6.0
2026-06-02T04:39:36.015631+00:00	GitLab Importer	Affected by	VCID-gb9u-t143-vker	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/yiisoft/yii2-dev/CVE-2021-3692.yml	38.6.0
2026-06-02T04:38:50.891203+00:00	GitLab Importer	Affected by	VCID-vf2s-s6dr-nqhf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/yiisoft/yii2-dev/CVE-2018-20745.yml	38.6.0
2026-06-02T04:37:36.716247+00:00	GitLab Importer	Affected by	VCID-vhy5-48ge-vyat	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/yiisoft/yii2-dev/CVE-2018-8074.yml	38.6.0