Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/yiisoft/yii2-dev@2.0.3
Typecomposer
Namespaceyiisoft
Nameyii2-dev
Version2.0.3
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.0.0-alpha1
Latest_non_vulnerable_version3.0.0-alpha1
Affected_by_vulnerabilities
0
url VCID-4xj7-j7qz-2kd2
vulnerability_id VCID-4xj7-j7qz-2kd2
summary 
Information disclosure
Remote attackers can obtain potentially sensitive information from exception messages printed by the error handler in non-debug mode.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-6010
reference_id
reference_type
scores
0
value 0.01012
scoring_system epss
scoring_elements 0.77472
published_at 2026-06-04T12:55:00Z
1
value 0.01012
scoring_system epss
scoring_elements 0.77508
published_at 2026-06-06T12:55:00Z
2
value 0.01012
scoring_system epss
scoring_elements 0.77499
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-6010
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2018-6010.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2018-6010.yaml
2
reference_url https://github.com/yiisoft/yii2/commit/6b0be47e0fa9c532e03b07b4369050582fcf5c7a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/commit/6b0be47e0fa9c532e03b07b4369050582fcf5c7a
3
reference_url https://github.com/yiisoft/yii2-framework
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2-framework
4
reference_url https://github.com/yiisoft/yii2/issues/14711
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/issues/14711
5
reference_url https://github.com/yiisoft/yii2/pull/15534
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/pull/15534
6
reference_url https://www.yiiframework.com/news/165/yii-2-0-14-is-released
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.yiiframework.com/news/165/yii-2-0-14-is-released
7
reference_url http://www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fix/
reference_id
reference_type
scores
url http://www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fix/
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-6010
reference_id CVE-2018-6010
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-6010
9
reference_url https://github.com/advisories/GHSA-8gfq-c54m-3rf6
reference_id GHSA-8gfq-c54m-3rf6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8gfq-c54m-3rf6
fixed_packages
0
url pkg:composer/yiisoft/yii2-dev@2.0.14
purl pkg:composer/yiisoft/yii2-dev@2.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6rub-m94d-jfct
1
vulnerability VCID-gb9u-t143-vker
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-jkfv-pxp7-9qba
4
vulnerability VCID-vf2s-s6dr-nqhf
5
vulnerability VCID-vhy5-48ge-vyat
6
vulnerability VCID-x388-wd41-tkh3
7
vulnerability VCID-xrgb-33bd-ckat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.14
aliases CVE-2018-6010, GHSA-8gfq-c54m-3rf6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4xj7-j7qz-2kd2
1
url VCID-6rub-m94d-jfct
vulnerability_id VCID-6rub-m94d-jfct
summary 
Use of Insufficiently Random Values
yii2 is vulnerable to use of predictable algorithm in a random number generator
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3689
reference_id
reference_type
scores
0
value 0.00449
scoring_system epss
scoring_elements 0.63925
published_at 2026-06-04T12:55:00Z
1
value 0.00449
scoring_system epss
scoring_elements 0.63965
published_at 2026-06-07T12:55:00Z
2
value 0.00449
scoring_system epss
scoring_elements 0.63976
published_at 2026-06-06T12:55:00Z
3
value 0.00449
scoring_system epss
scoring_elements 0.63968
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3689
1
reference_url https://github.com/yiisoft/yii2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2
2
reference_url https://github.com/yiisoft/yii2/commit/13f27e4d920a05d53236139e8b07007acd046a46
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/commit/13f27e4d920a05d53236139e8b07007acd046a46
3
reference_url https://huntr.dev/bounties/50aad1d4-eb00-4573-b8a4-dbe38e2c229f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/50aad1d4-eb00-4573-b8a4-dbe38e2c229f
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3689
reference_id CVE-2021-3689
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3689
5
reference_url https://github.com/advisories/GHSA-hq3v-rg6f-6hx4
reference_id GHSA-hq3v-rg6f-6hx4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hq3v-rg6f-6hx4
fixed_packages
0
url pkg:composer/yiisoft/yii2-dev@2.0.43
purl pkg:composer/yiisoft/yii2-dev@2.0.43
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x388-wd41-tkh3
1
vulnerability VCID-xrgb-33bd-ckat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.43
aliases CVE-2021-3689, GHSA-hq3v-rg6f-6hx4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6rub-m94d-jfct
2
url VCID-gb9u-t143-vker
vulnerability_id VCID-gb9u-t143-vker
summary 
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3692
reference_id
reference_type
scores
0
value 0.00358
scoring_system epss
scoring_elements 0.5833
published_at 2026-06-04T12:55:00Z
1
value 0.00358
scoring_system epss
scoring_elements 0.58376
published_at 2026-06-07T12:55:00Z
2
value 0.00358
scoring_system epss
scoring_elements 0.58385
published_at 2026-06-06T12:55:00Z
3
value 0.00358
scoring_system epss
scoring_elements 0.58377
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3692
1
reference_url https://github.com/yiisoft/yii2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2
2
reference_url https://github.com/yiisoft/yii2/commit/13f27e4d920a05d53236139e8b07007acd046a46
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/commit/13f27e4d920a05d53236139e8b07007acd046a46
3
reference_url https://huntr.dev/bounties/55517f19-5c28-4db2-8b00-f78f841e8aba
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/55517f19-5c28-4db2-8b00-f78f841e8aba
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3692
reference_id CVE-2021-3692
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3692
5
reference_url https://github.com/advisories/GHSA-wwvv-x5mq-h3jj
reference_id GHSA-wwvv-x5mq-h3jj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wwvv-x5mq-h3jj
fixed_packages
0
url pkg:composer/yiisoft/yii2-dev@2.0.43
purl pkg:composer/yiisoft/yii2-dev@2.0.43
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x388-wd41-tkh3
1
vulnerability VCID-xrgb-33bd-ckat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.43
aliases CVE-2021-3692, GHSA-wwvv-x5mq-h3jj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gb9u-t143-vker
3
url VCID-gwmb-kcz9-d7b9
vulnerability_id VCID-gwmb-kcz9-d7b9
summary 
Deserialization of Untrusted Data
Yii 2 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15148
reference_id
reference_type
scores
0
value 0.93433
scoring_system epss
scoring_elements 0.99827
published_at 2026-06-05T12:55:00Z
1
value 0.93433
scoring_system epss
scoring_elements 0.99826
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15148
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2020-15148.yaml
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2020-15148.yaml
2
reference_url https://github.com/yiisoft/yii2/commit/9abccb96d7c5ddb569f92d1a748f50ee9b3e2b99
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/commit/9abccb96d7c5ddb569f92d1a748f50ee9b3e2b99
3
reference_url https://www.yiiframework.com/news/303/yii-2-0-38
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.yiiframework.com/news/303/yii-2-0-38
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15148
reference_id CVE-2020-15148
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15148
5
reference_url https://github.com/advisories/GHSA-699q-wcff-g9mj
reference_id GHSA-699q-wcff-g9mj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-699q-wcff-g9mj
6
reference_url https://github.com/yiisoft/yii2/security/advisories/GHSA-699q-wcff-g9mj
reference_id GHSA-699q-wcff-g9mj
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/security/advisories/GHSA-699q-wcff-g9mj
fixed_packages
0
url pkg:composer/yiisoft/yii2-dev@2.0.38
purl pkg:composer/yiisoft/yii2-dev@2.0.38
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6rub-m94d-jfct
1
vulnerability VCID-gb9u-t143-vker
2
vulnerability VCID-x388-wd41-tkh3
3
vulnerability VCID-xrgb-33bd-ckat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.38
aliases CVE-2020-15148, GHSA-699q-wcff-g9mj
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gwmb-kcz9-d7b9
4
url VCID-hhby-y7fg-tqax
vulnerability_id VCID-hhby-y7fg-tqax
summary 
Cross-site Scripting
Cross-site scripting (XSS) vulnerability in Yii Framework allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON, arrays, and Internet Explorer 6
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-3397
reference_id
reference_type
scores
0
value 0.0033
scoring_system epss
scoring_elements 0.56227
published_at 2026-06-04T12:55:00Z
1
value 0.0033
scoring_system epss
scoring_elements 0.56275
published_at 2026-06-07T12:55:00Z
2
value 0.0033
scoring_system epss
scoring_elements 0.56288
published_at 2026-06-06T12:55:00Z
3
value 0.0033
scoring_system epss
scoring_elements 0.56282
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-3397
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2015-3397.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2015-3397.yaml
2
reference_url https://github.com/yiisoft/yii2/blob/2.0.4/framework/CHANGELOG.md
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/blob/2.0.4/framework/CHANGELOG.md
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-3397
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-3397
4
reference_url https://web.archive.org/web/20210122155403/http://www.securityfocus.com/bid/74663
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210122155403/http://www.securityfocus.com/bid/74663
5
reference_url https://www.yiiframework.com/news/86/yii-2-0-4-is-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.yiiframework.com/news/86/yii-2-0-4-is-released
6
reference_url https://www.yiiframework.com/news/86/yii-2-0-4-is-released/
reference_id
reference_type
scores
url https://www.yiiframework.com/news/86/yii-2-0-4-is-released/
7
reference_url http://www.securityfocus.com/bid/74663
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/74663
8
reference_url http://www.yiiframework.com/news/86/yii-2-0-4-is-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.yiiframework.com/news/86/yii-2-0-4-is-released
fixed_packages
0
url pkg:composer/yiisoft/yii2-dev@2.0.4
purl pkg:composer/yiisoft/yii2-dev@2.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xj7-j7qz-2kd2
1
vulnerability VCID-6rub-m94d-jfct
2
vulnerability VCID-gb9u-t143-vker
3
vulnerability VCID-gwmb-kcz9-d7b9
4
vulnerability VCID-jkfv-pxp7-9qba
5
vulnerability VCID-uybn-p34d-pbga
6
vulnerability VCID-vf2s-s6dr-nqhf
7
vulnerability VCID-vhy5-48ge-vyat
8
vulnerability VCID-x388-wd41-tkh3
9
vulnerability VCID-x788-tu9q-byfu
10
vulnerability VCID-xrgb-33bd-ckat
11
vulnerability VCID-y165-fy8y-2fcc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.4
aliases CVE-2015-3397, GHSA-w2xx-jp9f-gp8g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hhby-y7fg-tqax
5
url VCID-jkfv-pxp7-9qba
vulnerability_id VCID-jkfv-pxp7-9qba
summary 
Remote code execution
Redis extension of Yii 2 allows remote attackers to execute arbitrary LUA code via a variant of the CVE-2018-7269 attack.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-8073
reference_id
reference_type
scores
0
value 0.00911
scoring_system epss
scoring_elements 0.76206
published_at 2026-06-04T12:55:00Z
1
value 0.00911
scoring_system epss
scoring_elements 0.76226
published_at 2026-06-07T12:55:00Z
2
value 0.00911
scoring_system epss
scoring_elements 0.76233
published_at 2026-06-06T12:55:00Z
3
value 0.00911
scoring_system epss
scoring_elements 0.76231
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-8073
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2-redis/CVE-2018-8073.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2-redis/CVE-2018-8073.yaml
2
reference_url https://github.com/yiisoft/yii2-redis
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2-redis
3
reference_url https://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes
4
reference_url http://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-8073
reference_id CVE-2018-8073
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-8073
fixed_packages
0
url pkg:composer/yiisoft/yii2-dev@2.0.15
purl pkg:composer/yiisoft/yii2-dev@2.0.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6rub-m94d-jfct
1
vulnerability VCID-gb9u-t143-vker
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-vf2s-s6dr-nqhf
4
vulnerability VCID-x388-wd41-tkh3
5
vulnerability VCID-xrgb-33bd-ckat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.15
aliases CVE-2018-8073, GHSA-4hx3-m8w5-g5qh
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jkfv-pxp7-9qba
6
url VCID-uybn-p34d-pbga
vulnerability_id VCID-uybn-p34d-pbga
summary 
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Class `yii\web\ViewAction` allowed to include arbitrary files that end with `.php`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-5467
reference_id
reference_type
scores
0
value 0.00137
scoring_system epss
scoring_elements 0.33436
published_at 2026-06-05T12:55:00Z
1
value 0.00137
scoring_system epss
scoring_elements 0.33417
published_at 2026-06-07T12:55:00Z
2
value 0.00137
scoring_system epss
scoring_elements 0.33452
published_at 2026-06-06T12:55:00Z
3
value 0.00137
scoring_system epss
scoring_elements 0.33335
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-5467
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2015-5467.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2015-5467.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2-dev/CVE-2015-5467.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-25T13:30:55Z/
url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2-dev/CVE-2015-5467.yaml
3
reference_url https://github.com/yiisoft/yii2-framework
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2-framework
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5467
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-5467
5
reference_url https://www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fix
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-25T13:30:55Z/
url https://www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fix
6
reference_url https://www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fix/
reference_id
reference_type
scores
url https://www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fix/
7
reference_url https://github.com/advisories/GHSA-7cfq-72w2-24q4
reference_id GHSA-7cfq-72w2-24q4
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7cfq-72w2-24q4
fixed_packages
0
url pkg:composer/yiisoft/yii2-dev@2.0.5
purl pkg:composer/yiisoft/yii2-dev@2.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xj7-j7qz-2kd2
1
vulnerability VCID-6rub-m94d-jfct
2
vulnerability VCID-gb9u-t143-vker
3
vulnerability VCID-gwmb-kcz9-d7b9
4
vulnerability VCID-jkfv-pxp7-9qba
5
vulnerability VCID-vf2s-s6dr-nqhf
6
vulnerability VCID-vhy5-48ge-vyat
7
vulnerability VCID-x388-wd41-tkh3
8
vulnerability VCID-x788-tu9q-byfu
9
vulnerability VCID-xrgb-33bd-ckat
10
vulnerability VCID-y165-fy8y-2fcc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.5
aliases CVE-2015-5467, GHSA-7cfq-72w2-24q4
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uybn-p34d-pbga
7
url VCID-vf2s-s6dr-nqhf
vulnerability_id VCID-vf2s-s6dr-nqhf
summary 
Origin Validation Error
Yii actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-20745
reference_id
reference_type
scores
0
value 0.00118
scoring_system epss
scoring_elements 0.3021
published_at 2026-06-04T12:55:00Z
1
value 0.00118
scoring_system epss
scoring_elements 0.30219
published_at 2026-06-07T12:55:00Z
2
value 0.00118
scoring_system epss
scoring_elements 0.30248
published_at 2026-06-06T12:55:00Z
3
value 0.00118
scoring_system epss
scoring_elements 0.30284
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-20745
1
reference_url https://github.com/yiisoft/yii2/issues/16193
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/issues/16193
2
reference_url https://github.com/yiisoft/yii2/pull/16198
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/pull/16198
3
reference_url https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-chen.pdf
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-chen.pdf
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-20745
reference_id CVE-2018-20745
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-20745
5
reference_url https://github.com/advisories/GHSA-cr6r-6xm9-ww22
reference_id GHSA-cr6r-6xm9-ww22
reference_type
scores
url https://github.com/advisories/GHSA-cr6r-6xm9-ww22
fixed_packages
0
url pkg:composer/yiisoft/yii2-dev@2.0.16
purl pkg:composer/yiisoft/yii2-dev@2.0.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6rub-m94d-jfct
1
vulnerability VCID-gb9u-t143-vker
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-x388-wd41-tkh3
4
vulnerability VCID-xrgb-33bd-ckat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.16
1
url pkg:composer/yiisoft/yii2-dev@3.0.0-alpha1
purl pkg:composer/yiisoft/yii2-dev@3.0.0-alpha1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@3.0.0-alpha1
aliases CVE-2018-20745, GHSA-cr6r-6xm9-ww22
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vf2s-s6dr-nqhf
8
url VCID-vhy5-48ge-vyat
vulnerability_id VCID-vhy5-48ge-vyat
summary 
Code Injection
Yii allows remote attackers to inject unintended search conditions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-8074
reference_id
reference_type
scores
0
value 0.00853
scoring_system epss
scoring_elements 0.75311
published_at 2026-06-05T12:55:00Z
1
value 0.00853
scoring_system epss
scoring_elements 0.75306
published_at 2026-06-07T12:55:00Z
2
value 0.00853
scoring_system epss
scoring_elements 0.75314
published_at 2026-06-06T12:55:00Z
3
value 0.00853
scoring_system epss
scoring_elements 0.75281
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-8074
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2-elasticsearch/CVE-2018-8074.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2-elasticsearch/CVE-2018-8074.yaml
2
reference_url https://github.com/yiisoft/yii2
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2
3
reference_url https://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes
4
reference_url http://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-8074
reference_id CVE-2018-8074
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-8074
fixed_packages
0
url pkg:composer/yiisoft/yii2-dev@2.0.15
purl pkg:composer/yiisoft/yii2-dev@2.0.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6rub-m94d-jfct
1
vulnerability VCID-gb9u-t143-vker
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-vf2s-s6dr-nqhf
4
vulnerability VCID-x388-wd41-tkh3
5
vulnerability VCID-xrgb-33bd-ckat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.15
aliases CVE-2018-8074, GHSA-m2p5-fwp2-qcw2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vhy5-48ge-vyat
9
url VCID-x388-wd41-tkh3
vulnerability_id VCID-x388-wd41-tkh3
summary 
yiisoft Yii2 Deserialization of Untrusted Data
A vulnerability, which was classified as critical, has been found in yiisoft Yii2 up to 2.0.45. Affected by this issue is the function getIterator of the file symfony\finder\Iterator\SortableIterator.php. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-2689
reference_id
reference_type
scores
0
value 0.0011
scoring_system epss
scoring_elements 0.28981
published_at 2026-06-07T12:55:00Z
1
value 0.0011
scoring_system epss
scoring_elements 0.29017
published_at 2026-06-06T12:55:00Z
2
value 0.0011
scoring_system epss
scoring_elements 0.29051
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-2689
1
reference_url https://github.com/gaorenyusi/gaorenyusi/blob/main/Yii2.md
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T12:16:58Z/
url https://github.com/gaorenyusi/gaorenyusi/blob/main/Yii2.md
2
reference_url https://github.com/yiisoft/yii2
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2
3
reference_url https://vuldb.com/?ctiid.300710
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T12:16:58Z/
url https://vuldb.com/?ctiid.300710
4
reference_url https://vuldb.com/?id.300710
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T12:16:58Z/
url https://vuldb.com/?id.300710
5
reference_url https://vuldb.com/?submit.521709
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T12:16:58Z/
url https://vuldb.com/?submit.521709
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-2689
reference_id CVE-2025-2689
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-2689
7
reference_url https://github.com/advisories/GHSA-88m2-j94x-v4fx
reference_id GHSA-88m2-j94x-v4fx
reference_type
scores
url https://github.com/advisories/GHSA-88m2-j94x-v4fx
fixed_packages
0
url pkg:composer/yiisoft/yii2-dev@2.0.46
purl pkg:composer/yiisoft/yii2-dev@2.0.46
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-xrgb-33bd-ckat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.46
aliases CVE-2025-2689, GHSA-88m2-j94x-v4fx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x388-wd41-tkh3
10
url VCID-x788-tu9q-byfu
vulnerability_id VCID-x788-tu9q-byfu
summary 
CSRF vulnerability in switchIdentiy
The `switchIdentity()` function in `web/User.php` did not regenerate the CSRF token upon a change of identity.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-6009
reference_id
reference_type
scores
0
value 0.00168
scoring_system epss
scoring_elements 0.37623
published_at 2026-06-04T12:55:00Z
1
value 0.00168
scoring_system epss
scoring_elements 0.37688
published_at 2026-06-07T12:55:00Z
2
value 0.00168
scoring_system epss
scoring_elements 0.37719
published_at 2026-06-06T12:55:00Z
3
value 0.00168
scoring_system epss
scoring_elements 0.37716
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-6009
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2018-6009.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2018-6009.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2-dev/CVE-2018-6009.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2-dev/CVE-2018-6009.yaml
3
reference_url https://github.com/yiisoft/yii2/commit/6c0540aa2d6e0fe0fa89e4fd35bba4be5d6cece7
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/commit/6c0540aa2d6e0fe0fa89e4fd35bba4be5d6cece7
4
reference_url https://github.com/yiisoft/yii2-framework
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2-framework
5
reference_url https://www.yiiframework.com/news/165/yii-2-0-14-is-released
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.yiiframework.com/news/165/yii-2-0-14-is-released
6
reference_url http://www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fix/
reference_id
reference_type
scores
url http://www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fix/
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-6009
reference_id CVE-2018-6009
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-6009
fixed_packages
0
url pkg:composer/yiisoft/yii2-dev@2.0.14
purl pkg:composer/yiisoft/yii2-dev@2.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6rub-m94d-jfct
1
vulnerability VCID-gb9u-t143-vker
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-jkfv-pxp7-9qba
4
vulnerability VCID-vf2s-s6dr-nqhf
5
vulnerability VCID-vhy5-48ge-vyat
6
vulnerability VCID-x388-wd41-tkh3
7
vulnerability VCID-xrgb-33bd-ckat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.14
aliases CVE-2018-6009, GHSA-cwhm-272p-3wj9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x788-tu9q-byfu
11
url VCID-xrgb-33bd-ckat
vulnerability_id VCID-xrgb-33bd-ckat
summary 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows the a remote attacker to execute arbitrary code via the runAction function.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-26750
reference_id
reference_type
scores
0
value 0.11017
scoring_system epss
scoring_elements 0.93582
published_at 2026-06-06T12:55:00Z
1
value 0.11017
scoring_system epss
scoring_elements 0.9358
published_at 2026-06-07T12:55:00Z
2
value 0.11017
scoring_system epss
scoring_elements 0.93571
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-26750
1
reference_url https://github.com/yiisoft/yii2/issues/19755
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-13T15:42:39Z/
url https://github.com/yiisoft/yii2/issues/19755
2
reference_url https://github.com/yiisoft/yii2/issues/19755#issuecomment-1426155955
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-13T15:42:39Z/
url https://github.com/yiisoft/yii2/issues/19755#issuecomment-1426155955
3
reference_url https://github.com/yiisoft/yii2/issues/19755#issuecomment-1505390813
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-13T15:42:39Z/
url https://github.com/yiisoft/yii2/issues/19755#issuecomment-1505390813
4
reference_url https://github.com/yiisoft/yii2/issues/19755#issuecomment-1505560351
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-13T15:42:39Z/
url https://github.com/yiisoft/yii2/issues/19755#issuecomment-1505560351
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-26750
reference_id CVE-2023-26750
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-26750
6
reference_url https://github.com/advisories/GHSA-gq63-p39p-jrjf
reference_id GHSA-gq63-p39p-jrjf
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gq63-p39p-jrjf
fixed_packages
0
url pkg:composer/yiisoft/yii2-dev@3.0.0-alpha1
purl pkg:composer/yiisoft/yii2-dev@3.0.0-alpha1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@3.0.0-alpha1
aliases CVE-2023-26750, GHSA-gq63-p39p-jrjf
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xrgb-33bd-ckat
12
url VCID-y165-fy8y-2fcc
vulnerability_id VCID-y165-fy8y-2fcc
summary The `findByCondition` function in `framework/db/ActiveRecord.php` allows remote attackers to conduct SQL injection attacks via a `findOne()` or `findAll()à call, unless a developer recognizes an undocumented need to sanitize array input.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-7269
reference_id
reference_type
scores
0
value 0.0061
scoring_system epss
scoring_elements 0.70175
published_at 2026-06-07T12:55:00Z
1
value 0.0061
scoring_system epss
scoring_elements 0.70192
published_at 2026-06-06T12:55:00Z
2
value 0.0061
scoring_system epss
scoring_elements 0.70184
published_at 2026-06-05T12:55:00Z
3
value 0.0061
scoring_system epss
scoring_elements 0.70141
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-7269
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2-dev/CVE-2018-7269.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2-dev/CVE-2018-7269.yaml
2
reference_url https://github.com/yiisoft/yii2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2
3
reference_url https://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-7269
reference_id CVE-2018-7269
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-7269
fixed_packages
0
url pkg:composer/yiisoft/yii2-dev@2.0.12%2B1
purl pkg:composer/yiisoft/yii2-dev@2.0.12%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.12%252B1
1
url pkg:composer/yiisoft/yii2-dev@2.0.12.1
purl pkg:composer/yiisoft/yii2-dev@2.0.12.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6rub-m94d-jfct
1
vulnerability VCID-gb9u-t143-vker
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-jkfv-pxp7-9qba
4
vulnerability VCID-vf2s-s6dr-nqhf
5
vulnerability VCID-vhy5-48ge-vyat
6
vulnerability VCID-x388-wd41-tkh3
7
vulnerability VCID-xrgb-33bd-ckat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.12.1
2
url pkg:composer/yiisoft/yii2-dev@2.0.13%2B2
purl pkg:composer/yiisoft/yii2-dev@2.0.13%2B2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.13%252B2
3
url pkg:composer/yiisoft/yii2-dev@2.0.13.2
purl pkg:composer/yiisoft/yii2-dev@2.0.13.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6rub-m94d-jfct
1
vulnerability VCID-gb9u-t143-vker
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-jkfv-pxp7-9qba
4
vulnerability VCID-vf2s-s6dr-nqhf
5
vulnerability VCID-vhy5-48ge-vyat
6
vulnerability VCID-x388-wd41-tkh3
7
vulnerability VCID-xrgb-33bd-ckat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.13.2
4
url pkg:composer/yiisoft/yii2-dev@2.0.15
purl pkg:composer/yiisoft/yii2-dev@2.0.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6rub-m94d-jfct
1
vulnerability VCID-gb9u-t143-vker
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-vf2s-s6dr-nqhf
4
vulnerability VCID-x388-wd41-tkh3
5
vulnerability VCID-xrgb-33bd-ckat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.15
aliases CVE-2018-7269, GHSA-hhg2-g6h6-c266
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y165-fy8y-2fcc
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.3