Package details: pkg:composer/yiisoft/yii2-dev@2.0.14
purl pkg:composer/yiisoft/yii2-dev@2.0.14
Next non-vulnerable version 3.0.0-alpha1
Latest non-vulnerable version 3.0.0-alpha1
Risk 10.0
Vulnerabilities affecting this package (8)
Vulnerability Summary Fixed by
VCID-6rub-m94d-jfct
Aliases:
CVE-2021-3689
GHSA-hq3v-rg6f-6hx4
Use of Insufficiently Random Values: yii2 is vulnerable to use of a predictable algorithm in a random number generator.
2.0.43
Affected by 2 other vulnerabilities.
VCID-gb9u-t143-vker
Aliases:
CVE-2021-3692
GHSA-wwvv-x5mq-h3jj
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG): yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator.
2.0.43
Affected by 2 other vulnerabilities.
VCID-gwmb-kcz9-d7b9
Aliases:
CVE-2020-15148
GHSA-699q-wcff-g9mj
Deserialization of Untrusted Data: Yii 2 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input.
2.0.38
Affected by 4 other vulnerabilities.
VCID-jkfv-pxp7-9qba
Aliases:
CVE-2018-8073
GHSA-4hx3-m8w5-g5qh
Remote code execution: Redis extension of Yii 2 allows remote attackers to execute arbitrary LUA code via a variant of the CVE-2018-7269 attack.
2.0.15
Affected by 6 other vulnerabilities.
VCID-vf2s-s6dr-nqhf
Aliases:
CVE-2018-20745
GHSA-cr6r-6xm9-ww22
Origin Validation Error: Yii actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.
2.0.16
Affected by 5 other vulnerabilities.
3.0.0-alpha1
Affected by 0 other vulnerabilities.
VCID-vhy5-48ge-vyat
Aliases:
CVE-2018-8074
GHSA-m2p5-fwp2-qcw2
Code Injection: Yii allows remote attackers to inject unintended search conditions.
2.0.15
Affected by 6 other vulnerabilities.
VCID-x388-wd41-tkh3
Aliases:
CVE-2025-2689
GHSA-88m2-j94x-v4fx
yiisoft Yii2 Deserialization of Untrusted Data: A vulnerability, which was classified as critical, has been found in yiisoft Yii2 up to 2.0.45. Affected by this issue is the function getIterator of the file symfony\finder\Iterator\SortableIterator.php. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2.0.46
Affected by 1 other vulnerability.
VCID-xrgb-33bd-ckat
Aliases:
CVE-2023-26750
GHSA-gq63-p39p-jrjf
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows a remote attacker to execute arbitrary code via the runAction function.
3.0.0-alpha1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-4xj7-j7qz-2kd2 Information disclosure: Remote attackers can obtain potentially sensitive information from exception messages printed by the error handler in non-debug mode. CVE-2018-6010
GHSA-8gfq-c54m-3rf6
VCID-x788-tu9q-byfu CSRF vulnerability in switchIdentity: The `switchIdentity()` function in `web/User.php` did not regenerate the CSRF token upon a change of identity. CVE-2018-6009
GHSA-cwhm-272p-3wj9

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-06T05:44:36.218733+00:00 GitLab Importer Affected by VCID-x388-wd41-tkh3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/yiisoft/yii2-dev/CVE-2025-2689.yml 38.6.0
2026-06-06T03:38:46.773502+00:00 GitLab Importer Affected by VCID-xrgb-33bd-ckat https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/yiisoft/yii2-dev/CVE-2023-26750.yml 38.6.0
2026-06-06T00:49:55.960072+00:00 GitLab Importer Affected by VCID-6rub-m94d-jfct https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/yiisoft/yii2-dev/CVE-2021-3689.yml 38.6.0
2026-06-06T00:49:54.477478+00:00 GitLab Importer Affected by VCID-gb9u-t143-vker https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/yiisoft/yii2-dev/CVE-2021-3692.yml 38.6.0
2026-06-04T20:38:55.778404+00:00 GitLab Importer Affected by VCID-gwmb-kcz9-d7b9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/yiisoft/yii2-dev/CVE-2020-15148.yml 38.6.0
2026-06-04T20:18:40.821239+00:00 GitLab Importer Affected by VCID-vf2s-s6dr-nqhf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/yiisoft/yii2-dev/CVE-2018-20745.yml 38.6.0
2026-06-04T20:11:38.966054+00:00 GitLab Importer Affected by VCID-jkfv-pxp7-9qba https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/yiisoft/yii2-dev/CVE-2018-8073.yml 38.6.0
2026-06-04T20:11:38.840143+00:00 GitLab Importer Affected by VCID-vhy5-48ge-vyat https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/yiisoft/yii2-dev/CVE-2018-8074.yml 38.6.0
2026-06-04T17:53:48.370460+00:00 GithubOSV Importer Fixing VCID-x788-tu9q-byfu https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cwhm-272p-3wj9/GHSA-cwhm-272p-3wj9.json 38.6.0
2026-06-02T04:37:27.699429+00:00 GitLab Importer Fixing VCID-x788-tu9q-byfu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/yiisoft/yii2-dev/CVE-2018-6009.yml 38.6.0
2026-06-02T04:37:27.614362+00:00 GitLab Importer Fixing VCID-4xj7-j7qz-2kd2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/yiisoft/yii2-dev/CVE-2018-6010.yml 38.6.0