Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/symfony/yaml@2.0.22
Typecomposer
Namespacesymfony
Nameyaml
Version2.0.22
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version2.1.7
Latest_non_vulnerable_version8.0.12
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-bvc9-d1ns-33g6
vulnerability_id VCID-bvc9-d1ns-33g6
summary 
Code Injection
The `Yaml::parse` function in Symfony allows remote attackers to execute arbitrary PHP code via a PHP file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-1348
reference_id
reference_type
scores
0
value 0.00619
scoring_system epss
scoring_elements 0.7037
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-1348
1
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/81550
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/81550
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-1348.yaml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-1348.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/yaml/CVE-2013-1348.yaml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/yaml/CVE-2013-1348.yaml
4
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
5
reference_url https://github.com/symfony/symfony/commit/ac756bf39e646b4e130fad058d10a0228dbd9779
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/ac756bf39e646b4e130fad058d10a0228dbd9779
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-1348
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-1348
7
reference_url https://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released
8
reference_url https://web.archive.org/web/20150612022223/http://www.securityfocus.com/bid/57574
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20150612022223/http://www.securityfocus.com/bid/57574
fixed_packages
0
url pkg:composer/symfony/yaml@2.0.22
purl pkg:composer/symfony/yaml@2.0.22
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/yaml@2.0.22
aliases CVE-2013-1348, GHSA-2r5h-6r7v-5m7c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bvc9-d1ns-33g6
1
url VCID-n7gh-k1gc-5fb8
vulnerability_id VCID-n7gh-k1gc-5fb8
summary 
Symfony Arbitrary PHP code Execution
Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-1397
reference_id
reference_type
scores
0
value 0.00619
scoring_system epss
scoring_elements 0.7037
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-1397
1
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/81551
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/81551
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-1397.yaml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-1397.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/yaml/CVE-2013-1397.yaml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/yaml/CVE-2013-1397.yaml
4
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
5
reference_url https://github.com/symfony/symfony/commit/ba6e3159c0eeb3b6e21db32fce8fa2535cb3aa77
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/ba6e3159c0eeb3b6e21db32fce8fa2535cb3aa77
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-1397
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-1397
7
reference_url https://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released
8
reference_url http://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released
fixed_packages
0
url pkg:composer/symfony/yaml@2.0.22
purl pkg:composer/symfony/yaml@2.0.22
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/yaml@2.0.22
1
url pkg:composer/symfony/yaml@2.1.7
purl pkg:composer/symfony/yaml@2.1.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/yaml@2.1.7
2
url pkg:composer/symfony/yaml@2.2.0-BETA2
purl pkg:composer/symfony/yaml@2.2.0-BETA2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/yaml@2.2.0-BETA2
aliases CVE-2013-1397, GHSA-7w53-hfpw-rg3g
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n7gh-k1gc-5fb8
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/symfony/yaml@2.0.22