VulnerableCode Package Details - pkg:composer/yiisoft/yii2-dev@2.0.11.1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:composer/yiisoft/yii2-dev@2.0.11.1

Essentials
History (11)

purl	pkg:composer/yiisoft/yii2-dev@2.0.11.1

Next non-vulnerable version	3.0.0-alpha1
Latest non-vulnerable version	3.0.0-alpha1
Risk	10.0

Vulnerabilities affecting this package (11)

Vulnerability	Summary	Fixed by
VCID-5jvj-gf1t-vbec Aliases: CVE-2021-3689 GHSA-hq3v-rg6f-6hx4		2.0.43 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-5y3e-r1nd-4yhn Aliases: CVE-2018-6009 GHSA-cwhm-272p-3wj9		2.0.14 Affected by 9 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-6kwn-8j48-buf3 Aliases: CVE-2023-26750 GHSA-gq63-p39p-jrjf	SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows the a remote attacker to execute arbitrary code via the runAction function. NOTE: the software maintainer's position is that the vulnerability is in third-party code, not in the framework.	3.0.0-alpha1 Affected by 0 other vulnerabilities.
VCID-84su-9ye2-33h6 Aliases: CVE-2018-6010 GHSA-8gfq-c54m-3rf6	Yii Framework reflected Cross-site Scripting	2.0.14 Affected by 9 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-p45w-ujch-8kaw Aliases: CVE-2018-20745 GHSA-cr6r-6xm9-ww22		2.0.16 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.0.0-alpha1 Affected by 0 other vulnerabilities.
VCID-pct5-d8z2-h3as Aliases: CVE-2021-3692 GHSA-wwvv-x5mq-h3jj		2.0.43 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-qpq4-v1by-rbek Aliases: CVE-2025-2689 GHSA-88m2-j94x-v4fx	A vulnerability, which was classified as critical, has been found in yiisoft Yii2 up to 2.0.45. Affected by this issue is the function getIterator of the file symfony\finder\Iterator\SortableIterator.php. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.	2.0.46 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-rn2q-5ngn-6fhk Aliases: CVE-2020-15148 GHSA-699q-wcff-g9mj	Unsafe deserialization in Yii 2	2.0.38 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-rvmx-etx6-uqc5 Aliases: CVE-2018-8073 GHSA-4hx3-m8w5-g5qh		2.0.15 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-tfpw-r622-ckfk Aliases: CVE-2018-8074 GHSA-m2p5-fwp2-qcw2		2.0.15 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-vgz3-yu1u-8bg6 Aliases: CVE-2018-7269 GHSA-hhg2-g6h6-c266		2.0.12.1 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.0.12+1 Affected by 0 other vulnerabilities. 2.0.13.2 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.0.13+2 Affected by 0 other vulnerabilities. 2.0.15 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T19:57:02.290017+00:00	GitLab Importer	Affected by	VCID-qpq4-v1by-rbek	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/yiisoft/yii2-dev/CVE-2025-2689.yml	38.6.0
2026-06-12T18:51:26.676785+00:00	GitLab Importer	Affected by	VCID-6kwn-8j48-buf3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/yiisoft/yii2-dev/CVE-2023-26750.yml	38.6.0
2026-06-12T17:45:00.505484+00:00	GitLab Importer	Affected by	VCID-5jvj-gf1t-vbec	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/yiisoft/yii2-dev/CVE-2021-3689.yml	38.6.0
2026-06-12T17:44:59.985786+00:00	GitLab Importer	Affected by	VCID-pct5-d8z2-h3as	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/yiisoft/yii2-dev/CVE-2021-3692.yml	38.6.0
2026-06-12T17:27:39.180271+00:00	GitLab Importer	Affected by	VCID-rn2q-5ngn-6fhk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/yiisoft/yii2-dev/CVE-2020-15148.yml	38.6.0
2026-06-12T17:07:49.385977+00:00	GitLab Importer	Affected by	VCID-p45w-ujch-8kaw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/yiisoft/yii2-dev/CVE-2018-20745.yml	38.6.0
2026-06-12T16:58:21.872525+00:00	GitLab Importer	Affected by	VCID-rvmx-etx6-uqc5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/yiisoft/yii2-dev/CVE-2018-8073.yml	38.6.0
2026-06-12T16:58:21.653847+00:00	GitLab Importer	Affected by	VCID-tfpw-r622-ckfk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/yiisoft/yii2-dev/CVE-2018-8074.yml	38.6.0
2026-06-12T16:58:21.442275+00:00	GitLab Importer	Affected by	VCID-vgz3-yu1u-8bg6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/yiisoft/yii2-dev/CVE-2018-7269.yml	38.6.0
2026-06-12T16:57:15.756025+00:00	GitLab Importer	Affected by	VCID-5y3e-r1nd-4yhn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/yiisoft/yii2-dev/CVE-2018-6009.yml	38.6.0
2026-06-12T16:57:15.329054+00:00	GitLab Importer	Affected by	VCID-84su-9ye2-33h6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/yiisoft/yii2-dev/CVE-2018-6010.yml	38.6.0