Lookup for vulnerable packages by Package URL.

Purl pkg:composer/yiisoft/yii2-dev@2.0.12
Type composer
Namespace yiisoft
Name yii2-dev
Version 2.0.12
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.0.0-alpha1
Latest_non_vulnerable_version 3.0.0-alpha1
Affected_by_vulnerabilities
0
url VCID-4xj7-j7qz-2kd2
vulnerability_id VCID-4xj7-j7qz-2kd2
summary
Information disclosure
Remote attackers can obtain potentially sensitive information from exception messages printed by the error handler in non-debug mode.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-6010
reference_id
reference_type
scores
0
value 0.01012
scoring_system epss
scoring_elements 0.77472
published_at 2026-06-04T12:55:00Z
1
value 0.01012
scoring_system epss
scoring_elements 0.77509
published_at 2026-06-09T12:55:00Z
2
value 0.01012
scoring_system epss
scoring_elements 0.77488
published_at 2026-06-08T12:55:00Z
3
value 0.01012
scoring_system epss
scoring_elements 0.77508
published_at 2026-06-06T12:55:00Z
4
value 0.01012
scoring_system epss
scoring_elements 0.77499
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-6010
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2018-6010.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2018-6010.yaml
2
reference_url https://github.com/yiisoft/yii2/commit/6b0be47e0fa9c532e03b07b4369050582fcf5c7a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/commit/6b0be47e0fa9c532e03b07b4369050582fcf5c7a
3
reference_url https://github.com/yiisoft/yii2-framework
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2-framework
4
reference_url https://github.com/yiisoft/yii2/issues/14711
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/issues/14711
5
reference_url https://github.com/yiisoft/yii2/pull/15534
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/pull/15534
6
reference_url https://www.yiiframework.com/news/165/yii-2-0-14-is-released
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.yiiframework.com/news/165/yii-2-0-14-is-released
7
reference_url http://www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fix/
reference_id
reference_type
scores
url http://www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fix/
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-6010
reference_id CVE-2018-6010
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-6010
9
reference_url https://github.com/advisories/GHSA-8gfq-c54m-3rf6
reference_id GHSA-8gfq-c54m-3rf6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8gfq-c54m-3rf6
fixed_packages
0
url pkg:composer/yiisoft/yii2-dev@2.0.14
purl pkg:composer/yiisoft/yii2-dev@2.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6rub-m94d-jfct
1
vulnerability VCID-gb9u-t143-vker
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-jkfv-pxp7-9qba
4
vulnerability VCID-vf2s-s6dr-nqhf
5
vulnerability VCID-vhy5-48ge-vyat
6
vulnerability VCID-x388-wd41-tkh3
7
vulnerability VCID-xrgb-33bd-ckat
8
vulnerability VCID-y165-fy8y-2fcc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.14
aliases CVE-2018-6010, GHSA-8gfq-c54m-3rf6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4xj7-j7qz-2kd2
1
url VCID-6rub-m94d-jfct
vulnerability_id VCID-6rub-m94d-jfct
summary
Use of Insufficiently Random Values
yii2 is vulnerable to use of predictable algorithm in a random number generator
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3689
reference_id
reference_type
scores
0
value 0.00449
scoring_system epss
scoring_elements 0.63925
published_at 2026-06-04T12:55:00Z
1
value 0.00449
scoring_system epss
scoring_elements 0.63973
published_at 2026-06-09T12:55:00Z
2
value 0.00449
scoring_system epss
scoring_elements 0.63953
published_at 2026-06-08T12:55:00Z
3
value 0.00449
scoring_system epss
scoring_elements 0.63965
published_at 2026-06-07T12:55:00Z
4
value 0.00449
scoring_system epss
scoring_elements 0.63976
published_at 2026-06-06T12:55:00Z
5
value 0.00449
scoring_system epss
scoring_elements 0.63968
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3689
1
reference_url https://github.com/yiisoft/yii2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2
2
reference_url https://github.com/yiisoft/yii2/commit/13f27e4d920a05d53236139e8b07007acd046a46
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/commit/13f27e4d920a05d53236139e8b07007acd046a46
3
reference_url https://huntr.dev/bounties/50aad1d4-eb00-4573-b8a4-dbe38e2c229f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/50aad1d4-eb00-4573-b8a4-dbe38e2c229f
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3689
reference_id CVE-2021-3689
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3689
5
reference_url https://github.com/advisories/GHSA-hq3v-rg6f-6hx4
reference_id GHSA-hq3v-rg6f-6hx4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hq3v-rg6f-6hx4
fixed_packages
0
url pkg:composer/yiisoft/yii2-dev@2.0.43
purl pkg:composer/yiisoft/yii2-dev@2.0.43
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x388-wd41-tkh3
1
vulnerability VCID-xrgb-33bd-ckat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.43
aliases CVE-2021-3689, GHSA-hq3v-rg6f-6hx4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6rub-m94d-jfct
2
url VCID-gb9u-t143-vker
vulnerability_id VCID-gb9u-t143-vker
summary
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3692
reference_id
reference_type
scores
0
value 0.00358
scoring_system epss
scoring_elements 0.5833
published_at 2026-06-04T12:55:00Z
1
value 0.00358
scoring_system epss
scoring_elements 0.58381
published_at 2026-06-09T12:55:00Z
2
value 0.00358
scoring_system epss
scoring_elements 0.58362
published_at 2026-06-08T12:55:00Z
3
value 0.00358
scoring_system epss
scoring_elements 0.58376
published_at 2026-06-07T12:55:00Z
4
value 0.00358
scoring_system epss
scoring_elements 0.58385
published_at 2026-06-06T12:55:00Z
5
value 0.00358
scoring_system epss
scoring_elements 0.58377
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3692
1
reference_url https://github.com/yiisoft/yii2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2
2
reference_url https://github.com/yiisoft/yii2/commit/13f27e4d920a05d53236139e8b07007acd046a46
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/commit/13f27e4d920a05d53236139e8b07007acd046a46
3
reference_url https://huntr.dev/bounties/55517f19-5c28-4db2-8b00-f78f841e8aba
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/55517f19-5c28-4db2-8b00-f78f841e8aba
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3692
reference_id CVE-2021-3692
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3692
5
reference_url https://github.com/advisories/GHSA-wwvv-x5mq-h3jj
reference_id GHSA-wwvv-x5mq-h3jj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wwvv-x5mq-h3jj
fixed_packages
0
url pkg:composer/yiisoft/yii2-dev@2.0.43
purl pkg:composer/yiisoft/yii2-dev@2.0.43
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x388-wd41-tkh3
1
vulnerability VCID-xrgb-33bd-ckat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.43
aliases CVE-2021-3692, GHSA-wwvv-x5mq-h3jj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gb9u-t143-vker
3
url VCID-gwmb-kcz9-d7b9
vulnerability_id VCID-gwmb-kcz9-d7b9
summary
Deserialization of Untrusted Data
Yii 2 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15148
reference_id
reference_type
scores
0
value 0.93433
scoring_system epss
scoring_elements 0.99827
published_at 2026-06-09T12:55:00Z
1
value 0.93433
scoring_system epss
scoring_elements 0.99826
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15148
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2020-15148.yaml
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2020-15148.yaml
2
reference_url https://github.com/yiisoft/yii2/commit/9abccb96d7c5ddb569f92d1a748f50ee9b3e2b99
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/commit/9abccb96d7c5ddb569f92d1a748f50ee9b3e2b99
3
reference_url https://www.yiiframework.com/news/303/yii-2-0-38
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.yiiframework.com/news/303/yii-2-0-38
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15148
reference_id CVE-2020-15148
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15148
5
reference_url https://github.com/advisories/GHSA-699q-wcff-g9mj
reference_id GHSA-699q-wcff-g9mj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-699q-wcff-g9mj
6
reference_url https://github.com/yiisoft/yii2/security/advisories/GHSA-699q-wcff-g9mj
reference_id GHSA-699q-wcff-g9mj
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/security/advisories/GHSA-699q-wcff-g9mj
fixed_packages
0
url pkg:composer/yiisoft/yii2-dev@2.0.38
purl pkg:composer/yiisoft/yii2-dev@2.0.38
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6rub-m94d-jfct
1
vulnerability VCID-gb9u-t143-vker
2
vulnerability VCID-x388-wd41-tkh3
3
vulnerability VCID-xrgb-33bd-ckat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.38
aliases CVE-2020-15148, GHSA-699q-wcff-g9mj
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gwmb-kcz9-d7b9
4
url VCID-jkfv-pxp7-9qba
vulnerability_id VCID-jkfv-pxp7-9qba
summary
Remote code execution
Redis extension of Yii 2 allows remote attackers to execute arbitrary LUA code via a variant of the CVE-2018-7269 attack.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-8073
reference_id
reference_type
scores
0
value 0.00911
scoring_system epss
scoring_elements 0.76231
published_at 2026-06-05T12:55:00Z
1
value 0.00911
scoring_system epss
scoring_elements 0.76239
published_at 2026-06-09T12:55:00Z
2
value 0.00911
scoring_system epss
scoring_elements 0.76215
published_at 2026-06-08T12:55:00Z
3
value 0.00911
scoring_system epss
scoring_elements 0.76226
published_at 2026-06-07T12:55:00Z
4
value 0.00911
scoring_system epss
scoring_elements 0.76233
published_at 2026-06-06T12:55:00Z
5
value 0.00911
scoring_system epss
scoring_elements 0.76206
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-8073
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2-redis/CVE-2018-8073.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2-redis/CVE-2018-8073.yaml
2
reference_url https://github.com/yiisoft/yii2-redis
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2-redis
3
reference_url https://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes
4
reference_url http://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-8073
reference_id CVE-2018-8073
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-8073
6
reference_url https://github.com/advisories/GHSA-4hx3-m8w5-g5qh
reference_id GHSA-4hx3-m8w5-g5qh
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4hx3-m8w5-g5qh
fixed_packages
0
url pkg:composer/yiisoft/yii2-dev@2.0.15
purl pkg:composer/yiisoft/yii2-dev@2.0.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6rub-m94d-jfct
1
vulnerability VCID-gb9u-t143-vker
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-vf2s-s6dr-nqhf
4
vulnerability VCID-x388-wd41-tkh3
5
vulnerability VCID-xrgb-33bd-ckat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.15
aliases CVE-2018-8073, GHSA-4hx3-m8w5-g5qh
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jkfv-pxp7-9qba
5
url VCID-v3nu-bzav-vfc8
vulnerability_id VCID-v3nu-bzav-vfc8
summary
Cross-site Scripting
An XSS vulnerability exists in `framework/views/errorHandler/exception`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-11516
reference_id
reference_type
scores
0
value 0.00223
scoring_system epss
scoring_elements 0.45103
published_at 2026-06-05T12:55:00Z
1
value 0.00223
scoring_system epss
scoring_elements 0.45071
published_at 2026-06-09T12:55:00Z
2
value 0.00223
scoring_system epss
scoring_elements 0.45059
published_at 2026-06-08T12:55:00Z
3
value 0.00223
scoring_system epss
scoring_elements 0.45108
published_at 2026-06-06T12:55:00Z
4
value 0.00223
scoring_system epss
scoring_elements 0.45035
published_at 2026-06-04T12:55:00Z
5
value 0.00223
scoring_system epss
scoring_elements 0.45088
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-11516
1
reference_url https://github.com/yiisoft/yii2-framework
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2-framework
2
reference_url https://github.com/yiisoft/yii2/pull/14492
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/pull/14492
3
reference_url https://github.com/yiisoft/yii2/pull/14492/files/feb4067de8a58f391a66e395192b0d83a8109b95
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/pull/14492/files/feb4067de8a58f391a66e395192b0d83a8109b95
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-11516
reference_id CVE-2017-11516
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-11516
5
reference_url https://github.com/advisories/GHSA-4c64-w8fg-xcq2
reference_id GHSA-4c64-w8fg-xcq2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4c64-w8fg-xcq2
fixed_packages
0
url pkg:composer/yiisoft/yii2-dev@2.0.12%2B1
purl pkg:composer/yiisoft/yii2-dev@2.0.12%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.12%252B1
1
url pkg:composer/yiisoft/yii2-dev@2.0.13
purl pkg:composer/yiisoft/yii2-dev@2.0.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xj7-j7qz-2kd2
1
vulnerability VCID-6rub-m94d-jfct
2
vulnerability VCID-gb9u-t143-vker
3
vulnerability VCID-gwmb-kcz9-d7b9
4
vulnerability VCID-jkfv-pxp7-9qba
5
vulnerability VCID-vf2s-s6dr-nqhf
6
vulnerability VCID-vhy5-48ge-vyat
7
vulnerability VCID-x388-wd41-tkh3
8
vulnerability VCID-x788-tu9q-byfu
9
vulnerability VCID-xrgb-33bd-ckat
10
vulnerability VCID-y165-fy8y-2fcc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.13
aliases CVE-2017-11516, GHSA-4c64-w8fg-xcq2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v3nu-bzav-vfc8
6
url VCID-vf2s-s6dr-nqhf
vulnerability_id VCID-vf2s-s6dr-nqhf
summary
Origin Validation Error
Yii actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-20745
reference_id
reference_type
scores
0
value 0.00118
scoring_system epss
scoring_elements 0.30219
published_at 2026-06-07T12:55:00Z
1
value 0.00118
scoring_system epss
scoring_elements 0.30204
published_at 2026-06-09T12:55:00Z
2
value 0.00118
scoring_system epss
scoring_elements 0.30188
published_at 2026-06-08T12:55:00Z
3
value 0.00118
scoring_system epss
scoring_elements 0.3021
published_at 2026-06-04T12:55:00Z
4
value 0.00118
scoring_system epss
scoring_elements 0.30284
published_at 2026-06-05T12:55:00Z
5
value 0.00118
scoring_system epss
scoring_elements 0.30248
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-20745
1
reference_url https://github.com/yiisoft/yii2/issues/16193
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/issues/16193
2
reference_url https://github.com/yiisoft/yii2/pull/16198
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/pull/16198
3
reference_url https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-chen.pdf
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-chen.pdf
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-20745
reference_id CVE-2018-20745
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-20745
5
reference_url https://github.com/advisories/GHSA-cr6r-6xm9-ww22
reference_id GHSA-cr6r-6xm9-ww22
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cr6r-6xm9-ww22
fixed_packages
0
url pkg:composer/yiisoft/yii2-dev@2.0.16
purl pkg:composer/yiisoft/yii2-dev@2.0.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6rub-m94d-jfct
1
vulnerability VCID-gb9u-t143-vker
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-x388-wd41-tkh3
4
vulnerability VCID-xrgb-33bd-ckat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.16
1
url pkg:composer/yiisoft/yii2-dev@3.0.0-alpha1
purl pkg:composer/yiisoft/yii2-dev@3.0.0-alpha1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@3.0.0-alpha1
aliases CVE-2018-20745, GHSA-cr6r-6xm9-ww22
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vf2s-s6dr-nqhf
7
url VCID-vhy5-48ge-vyat
vulnerability_id VCID-vhy5-48ge-vyat
summary
Code Injection
Yii allows remote attackers to inject unintended search conditions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-8074
reference_id
reference_type
scores
0
value 0.00853
scoring_system epss
scoring_elements 0.75281
published_at 2026-06-04T12:55:00Z
1
value 0.00853
scoring_system epss
scoring_elements 0.75318
published_at 2026-06-09T12:55:00Z
2
value 0.00853
scoring_system epss
scoring_elements 0.75292
published_at 2026-06-08T12:55:00Z
3
value 0.00853
scoring_system epss
scoring_elements 0.75306
published_at 2026-06-07T12:55:00Z
4
value 0.00853
scoring_system epss
scoring_elements 0.75314
published_at 2026-06-06T12:55:00Z
5
value 0.00853
scoring_system epss
scoring_elements 0.75311
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-8074
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2-elasticsearch/CVE-2018-8074.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2-elasticsearch/CVE-2018-8074.yaml
2
reference_url https://github.com/yiisoft/yii2
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2
3
reference_url https://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes
4
reference_url https://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes/
reference_id
reference_type
scores
url https://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes/
5
reference_url http://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes
6
reference_url http://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes/
reference_id
reference_type
scores
url http://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes/
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-8074
reference_id CVE-2018-8074
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-8074
8
reference_url https://github.com/advisories/GHSA-m2p5-fwp2-qcw2
reference_id GHSA-m2p5-fwp2-qcw2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m2p5-fwp2-qcw2
fixed_packages
0
url pkg:composer/yiisoft/yii2-dev@2.0.15
purl pkg:composer/yiisoft/yii2-dev@2.0.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6rub-m94d-jfct
1
vulnerability VCID-gb9u-t143-vker
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-vf2s-s6dr-nqhf
4
vulnerability VCID-x388-wd41-tkh3
5
vulnerability VCID-xrgb-33bd-ckat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.15
aliases CVE-2018-8074, GHSA-m2p5-fwp2-qcw2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vhy5-48ge-vyat
8
url VCID-x388-wd41-tkh3
vulnerability_id VCID-x388-wd41-tkh3
summary
yiisoft Yii2 Deserialization of Untrusted Data
A vulnerability, which was classified as critical, has been found in yiisoft Yii2 up to 2.0.45. Affected by this issue is the function getIterator of the file symfony\finder\Iterator\SortableIterator.php. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-2689
reference_id
reference_type
scores
0
value 0.0011
scoring_system epss
scoring_elements 0.28948
published_at 2026-06-08T12:55:00Z
1
value 0.0011
scoring_system epss
scoring_elements 0.28958
published_at 2026-06-09T12:55:00Z
2
value 0.0011
scoring_system epss
scoring_elements 0.29051
published_at 2026-06-05T12:55:00Z
3
value 0.0011
scoring_system epss
scoring_elements 0.29017
published_at 2026-06-06T12:55:00Z
4
value 0.0011
scoring_system epss
scoring_elements 0.28981
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-2689
1
reference_url https://github.com/gaorenyusi/gaorenyusi/blob/main/Yii2.md
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T12:16:58Z/
url https://github.com/gaorenyusi/gaorenyusi/blob/main/Yii2.md
2
reference_url https://github.com/yiisoft/yii2
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2
3
reference_url https://vuldb.com/?ctiid.300710
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T12:16:58Z/
url https://vuldb.com/?ctiid.300710
4
reference_url https://vuldb.com/?id.300710
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T12:16:58Z/
url https://vuldb.com/?id.300710
5
reference_url https://vuldb.com/?submit.521709
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T12:16:58Z/
url https://vuldb.com/?submit.521709
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-2689
reference_id CVE-2025-2689
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-2689
7
reference_url https://github.com/advisories/GHSA-88m2-j94x-v4fx
reference_id GHSA-88m2-j94x-v4fx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-88m2-j94x-v4fx
fixed_packages
0
url pkg:composer/yiisoft/yii2-dev@2.0.46
purl pkg:composer/yiisoft/yii2-dev@2.0.46
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-xrgb-33bd-ckat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.46
aliases CVE-2025-2689, GHSA-88m2-j94x-v4fx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x388-wd41-tkh3
9
url VCID-x788-tu9q-byfu
vulnerability_id VCID-x788-tu9q-byfu
summary
CSRF vulnerability in switchIdentity
The `switchIdentity()` function in `web/User.php` did not regenerate the CSRF token upon a change of identity.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-6009
reference_id
reference_type
scores
0
value 0.00168
scoring_system epss
scoring_elements 0.37719
published_at 2026-06-06T12:55:00Z
1
value 0.00168
scoring_system epss
scoring_elements 0.37662
published_at 2026-06-09T12:55:00Z
2
value 0.00168
scoring_system epss
scoring_elements 0.37649
published_at 2026-06-08T12:55:00Z
3
value 0.00168
scoring_system epss
scoring_elements 0.37688
published_at 2026-06-07T12:55:00Z
4
value 0.00168
scoring_system epss
scoring_elements 0.37623
published_at 2026-06-04T12:55:00Z
5
value 0.00168
scoring_system epss
scoring_elements 0.37716
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-6009
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2018-6009.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2018-6009.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2-dev/CVE-2018-6009.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2-dev/CVE-2018-6009.yaml
3
reference_url https://github.com/yiisoft/yii2/commit/6c0540aa2d6e0fe0fa89e4fd35bba4be5d6cece7
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/commit/6c0540aa2d6e0fe0fa89e4fd35bba4be5d6cece7
4
reference_url https://github.com/yiisoft/yii2-framework
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2-framework
5
reference_url https://www.yiiframework.com/news/165/yii-2-0-14-is-released
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.yiiframework.com/news/165/yii-2-0-14-is-released
6
reference_url http://www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fix/
reference_id
reference_type
scores
url http://www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fix/
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-6009
reference_id CVE-2018-6009
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-6009
8
reference_url https://github.com/advisories/GHSA-cwhm-272p-3wj9
reference_id GHSA-cwhm-272p-3wj9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cwhm-272p-3wj9
fixed_packages
0
url pkg:composer/yiisoft/yii2-dev@2.0.14
purl pkg:composer/yiisoft/yii2-dev@2.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6rub-m94d-jfct
1
vulnerability VCID-gb9u-t143-vker
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-jkfv-pxp7-9qba
4
vulnerability VCID-vf2s-s6dr-nqhf
5
vulnerability VCID-vhy5-48ge-vyat
6
vulnerability VCID-x388-wd41-tkh3
7
vulnerability VCID-xrgb-33bd-ckat
8
vulnerability VCID-y165-fy8y-2fcc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.14
aliases CVE-2018-6009, GHSA-cwhm-272p-3wj9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x788-tu9q-byfu
10
url VCID-xrgb-33bd-ckat
vulnerability_id VCID-xrgb-33bd-ckat
summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
SQL injection vulnerability found in Yii 2 Framework before v.2.0.47 allows a remote attacker to execute arbitrary code via the runAction function.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-26750
reference_id
reference_type
scores
0
value 0.11017
scoring_system epss
scoring_elements 0.93587
published_at 2026-06-09T12:55:00Z
1
value 0.11017
scoring_system epss
scoring_elements 0.93571
published_at 2026-06-04T12:55:00Z
2
value 0.11017
scoring_system epss
scoring_elements 0.93582
published_at 2026-06-06T12:55:00Z
3
value 0.11017
scoring_system epss
scoring_elements 0.9358
published_at 2026-06-07T12:55:00Z
4
value 0.11017
scoring_system epss
scoring_elements 0.93579
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-26750
1
reference_url https://github.com/yiisoft/yii2/issues/19755
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-13T15:42:39Z/
url https://github.com/yiisoft/yii2/issues/19755
2
reference_url https://github.com/yiisoft/yii2/issues/19755#issuecomment-1426155955
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-13T15:42:39Z/
url https://github.com/yiisoft/yii2/issues/19755#issuecomment-1426155955
3
reference_url https://github.com/yiisoft/yii2/issues/19755#issuecomment-1505390813
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-13T15:42:39Z/
url https://github.com/yiisoft/yii2/issues/19755#issuecomment-1505390813
4
reference_url https://github.com/yiisoft/yii2/issues/19755#issuecomment-1505560351
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-13T15:42:39Z/
url https://github.com/yiisoft/yii2/issues/19755#issuecomment-1505560351
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-26750
reference_id CVE-2023-26750
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-26750
6
reference_url https://github.com/advisories/GHSA-gq63-p39p-jrjf
reference_id GHSA-gq63-p39p-jrjf
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gq63-p39p-jrjf
fixed_packages
0
url pkg:composer/yiisoft/yii2-dev@3.0.0-alpha1
purl pkg:composer/yiisoft/yii2-dev@3.0.0-alpha1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@3.0.0-alpha1
aliases CVE-2023-26750, GHSA-gq63-p39p-jrjf
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xrgb-33bd-ckat
11
url VCID-y165-fy8y-2fcc
vulnerability_id VCID-y165-fy8y-2fcc
summary The `findByCondition` function in `framework/db/ActiveRecord.php` allows remote attackers to conduct SQL injection attacks via a `findOne()` or `findAll()` call, unless a developer recognizes an undocumented need to sanitize array input.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-7269
reference_id
reference_type
scores
0
value 0.0061
scoring_system epss
scoring_elements 0.70141
published_at 2026-06-04T12:55:00Z
1
value 0.0061
scoring_system epss
scoring_elements 0.70187
published_at 2026-06-09T12:55:00Z
2
value 0.0061
scoring_system epss
scoring_elements 0.70164
published_at 2026-06-08T12:55:00Z
3
value 0.0061
scoring_system epss
scoring_elements 0.70175
published_at 2026-06-07T12:55:00Z
4
value 0.0061
scoring_system epss
scoring_elements 0.70192
published_at 2026-06-06T12:55:00Z
5
value 0.0061
scoring_system epss
scoring_elements 0.70184
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-7269
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2-dev/CVE-2018-7269.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2-dev/CVE-2018-7269.yaml
2
reference_url https://github.com/yiisoft/yii2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2
3
reference_url https://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-7269
reference_id CVE-2018-7269
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-7269
5
reference_url https://github.com/advisories/GHSA-hhg2-g6h6-c266
reference_id GHSA-hhg2-g6h6-c266
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hhg2-g6h6-c266
fixed_packages
0
url pkg:composer/yiisoft/yii2-dev@2.0.12.1
purl pkg:composer/yiisoft/yii2-dev@2.0.12.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6rub-m94d-jfct
1
vulnerability VCID-gb9u-t143-vker
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-jkfv-pxp7-9qba
4
vulnerability VCID-vf2s-s6dr-nqhf
5
vulnerability VCID-vhy5-48ge-vyat
6
vulnerability VCID-x388-wd41-tkh3
7
vulnerability VCID-xrgb-33bd-ckat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.12.1
1
url pkg:composer/yiisoft/yii2-dev@2.0.12%2B1
purl pkg:composer/yiisoft/yii2-dev@2.0.12%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.12%252B1
2
url pkg:composer/yiisoft/yii2-dev@2.0.13.2
purl pkg:composer/yiisoft/yii2-dev@2.0.13.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6rub-m94d-jfct
1
vulnerability VCID-gb9u-t143-vker
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-jkfv-pxp7-9qba
4
vulnerability VCID-vf2s-s6dr-nqhf
5
vulnerability VCID-vhy5-48ge-vyat
6
vulnerability VCID-x388-wd41-tkh3
7
vulnerability VCID-xrgb-33bd-ckat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.13.2
3
url pkg:composer/yiisoft/yii2-dev@2.0.13%2B2
purl pkg:composer/yiisoft/yii2-dev@2.0.13%2B2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.13%252B2
4
url pkg:composer/yiisoft/yii2-dev@2.0.15
purl pkg:composer/yiisoft/yii2-dev@2.0.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6rub-m94d-jfct
1
vulnerability VCID-gb9u-t143-vker
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-vf2s-s6dr-nqhf
4
vulnerability VCID-x388-wd41-tkh3
5
vulnerability VCID-xrgb-33bd-ckat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.15
aliases CVE-2018-7269, GHSA-hhg2-g6h6-c266
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y165-fy8y-2fcc
Fixing_vulnerabilities
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.12