Lookup for vulnerable packages by Package URL.

Purl pkg:composer/yiisoft/yii2-gii@2.0.0-alpha
Type composer
Namespace yiisoft
Name yii2-gii
Version 2.0.0-alpha
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-1yn3-2dn2-t7ec
vulnerability_id VCID-1yn3-2dn2-t7ec
summary
Command injection in yiisoft/yii2-gii
Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. The attacker can embed arbitrary PHP code into the model file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-36655
reference_id
reference_type
scores
0
value 0.04201
scoring_system epss
scoring_elements 0.88941
published_at 2026-06-05T12:55:00Z
1
value 0.04201
scoring_system epss
scoring_elements 0.88924
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-36655
1
reference_url https://github.com/yiisoft/yii2-gii
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2-gii
2
reference_url https://github.com/yiisoft/yii2-gii/commit/ed61e0d85f43e23f79d7c9d1b4e5e5c09a32ce4b
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2-gii/commit/ed61e0d85f43e23f79d7c9d1b4e5e5c09a32ce4b
3
reference_url https://github.com/yiisoft/yii2-gii/issues/433
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-02T13:47:08Z/
url https://github.com/yiisoft/yii2-gii/issues/433
4
reference_url https://lab.wallarm.com/yii2-gii-remote-code-execution
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lab.wallarm.com/yii2-gii-remote-code-execution
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36655
reference_id CVE-2020-36655
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-36655
6
reference_url https://github.com/advisories/GHSA-3mpg-q26j-83j5
reference_id GHSA-3mpg-q26j-83j5
reference_type
scores
url https://github.com/advisories/GHSA-3mpg-q26j-83j5
7
reference_url https://lab.wallarm.com/yii2-gii-remote-code-execution/
reference_id yii2-gii-remote-code-execution
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-02T13:47:08Z/
url https://lab.wallarm.com/yii2-gii-remote-code-execution/
fixed_packages
0
url pkg:composer/yiisoft/yii2-gii@2.2.2
purl pkg:composer/yiisoft/yii2-gii@2.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-j49j-9han-aug5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-gii@2.2.2
aliases CVE-2020-36655, GHSA-3mpg-q26j-83j5
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1yn3-2dn2-t7ec
1
url VCID-hhby-y7fg-tqax
vulnerability_id VCID-hhby-y7fg-tqax
summary
Cross-site Scripting
Cross-site scripting (XSS) vulnerability in Yii Framework allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON, arrays, and Internet Explorer 6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-3397
reference_id
reference_type
scores
0
value 0.0033
scoring_system epss
scoring_elements 0.56227
published_at 2026-06-04T12:55:00Z
1
value 0.0033
scoring_system epss
scoring_elements 0.56282
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-3397
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2015-3397.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2015-3397.yaml
2
reference_url https://github.com/yiisoft/yii2/blob/2.0.4/framework/CHANGELOG.md
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/blob/2.0.4/framework/CHANGELOG.md
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-3397
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-3397
4
reference_url https://web.archive.org/web/20210122155403/http://www.securityfocus.com/bid/74663
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210122155403/http://www.securityfocus.com/bid/74663
5
reference_url https://www.yiiframework.com/news/86/yii-2-0-4-is-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.yiiframework.com/news/86/yii-2-0-4-is-released
6
reference_url https://www.yiiframework.com/news/86/yii-2-0-4-is-released/
reference_id
reference_type
scores
url https://www.yiiframework.com/news/86/yii-2-0-4-is-released/
7
reference_url http://www.securityfocus.com/bid/74663
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/74663
8
reference_url http://www.yiiframework.com/news/86/yii-2-0-4-is-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.yiiframework.com/news/86/yii-2-0-4-is-released
fixed_packages
0
url pkg:composer/yiisoft/yii2-gii@2.0.4
purl pkg:composer/yiisoft/yii2-gii@2.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yn3-2dn2-t7ec
1
vulnerability VCID-j49j-9han-aug5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-gii@2.0.4
aliases CVE-2015-3397, GHSA-w2xx-jp9f-gp8g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hhby-y7fg-tqax
2
url VCID-j49j-9han-aug5
vulnerability_id VCID-j49j-9han-aug5
summary
Yii2 Gii Cross-site Scripting vulnerability
Some fields, such as Message Category (requires I18N enabled) in Model Generator, CRUD Generator or Form Generator, Author Name in Extension Generator, etc., are cached without sanitisation of their contents when the Preview button is pressed. This makes it possible to inject malicious JavaScript into the specified pages by placing it in these fields and caching it by pressing the Preview button. On each subsequent visit to the specified pages, the malicious JavaScript is loaded from the server and executed in the client's browser.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-34297
reference_id
reference_type
scores
0
value 0.00227
scoring_system epss
scoring_elements 0.45557
published_at 2026-06-05T12:55:00Z
1
value 0.00227
scoring_system epss
scoring_elements 0.45488
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-34297
1
reference_url https://gist.github.com/be4r/b5c48d97ef6726d3ee37f995ee5aac81
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T20:24:57Z/
url https://gist.github.com/be4r/b5c48d97ef6726d3ee37f995ee5aac81
2
reference_url https://github.com/yiisoft/yii2-gii
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2-gii
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-34297
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-34297
4
reference_url https://www.yiiframework.com/doc/guide/2.0/en/start-gii
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.yiiframework.com/doc/guide/2.0/en/start-gii
5
reference_url https://github.com/advisories/GHSA-x87m-36g7-6mpw
reference_id GHSA-x87m-36g7-6mpw
reference_type
scores
url https://github.com/advisories/GHSA-x87m-36g7-6mpw
fixed_packages
0
url pkg:composer/yiisoft/yii2-gii@2.2.5
purl pkg:composer/yiisoft/yii2-gii@2.2.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-gii@2.2.5
aliases CVE-2022-34297, GHSA-x87m-36g7-6mpw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j49j-9han-aug5
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-gii@2.0.0-alpha