Package details: pkg:composer/yiisoft/yii2-dev@2.0.12.2
purl pkg:composer/yiisoft/yii2-dev@2.0.12.2
Next non-vulnerable version 3.0.0-alpha1
Latest non-vulnerable version 3.0.0-alpha1
Risk 10.0
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-6rub-m94d-jfct
Aliases:
CVE-2021-3689
GHSA-hq3v-rg6f-6hx4
Use of Insufficiently Random Values: yii2 is vulnerable to use of predictable algorithm in a random number generator
2.0.43
Affected by 2 other vulnerabilities.
VCID-gb9u-t143-vker
Aliases:
CVE-2021-3692
GHSA-wwvv-x5mq-h3jj
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG): yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator
2.0.43
Affected by 2 other vulnerabilities.
VCID-gwmb-kcz9-d7b9
Aliases:
CVE-2020-15148
GHSA-699q-wcff-g9mj
Deserialization of Untrusted Data: Yii 2 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input.
2.0.38
Affected by 4 other vulnerabilities.
VCID-vf2s-s6dr-nqhf
Aliases:
CVE-2018-20745
GHSA-cr6r-6xm9-ww22
Origin Validation Error: Yii actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.
2.0.16
Affected by 5 other vulnerabilities.
3.0.0-alpha1
Affected by 0 other vulnerabilities.
VCID-x388-wd41-tkh3
Aliases:
CVE-2025-2689
GHSA-88m2-j94x-v4fx
yiisoft Yii2 Deserialization of Untrusted Data: A vulnerability, which was classified as critical, has been found in yiisoft Yii2 up to 2.0.45. Affected by this issue is the function getIterator of the file symfony\finder\Iterator\SortableIterator.php. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2.0.46
Affected by 1 other vulnerability.
VCID-xrgb-33bd-ckat
Aliases:
CVE-2023-26750
GHSA-gq63-p39p-jrjf
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows a remote attacker to execute arbitrary code via the runAction function.
3.0.0-alpha1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.