pkg:Packagist/yiisoft/yii2

12 total CVEs: CRITICAL 2, HIGH 5, MEDIUM 4

All known vulnerabilities

  • CRITICAL 9.0, CVE-2024-58136 (⚠ KEV): yiisoft/yii2 Mishandles the Attaching of Behavior Defined by a `__class` Array Key
    from 0, < 2.0.52
  • CRITICAL 9.8, CVE-2015-5467: Yii2 allows attackers to execute any local .php file via a relative path in the view parameter
    >= 2.0.0, < 2.0.5
  • HIGH 8.9, CVE-2020-15148: Unsafe deserialization in Yii 2
    from 0, < 2.0.38
  • HIGH 8.8, CVE-2018-6009: Yii Framework Cross-Site Request Forgery (CSRF)
    >= 2.0, < 2.0.14
  • HIGH 8.1, CVE-2024-4990: Unsafe Reflection in base Component class in yiisoft/yii2
    from 0, < 2.0.49.4
  • HIGH 7.5, CVE-2018-6010: Yii Framework reflected Cross-site Scripting
    >= 2.0.0, < 2.0.14
  • HIGH 7.4, CVE-2026-39850: Yii 2: Local file inclusion via view parameter name collision
    from 0, < 2.0.55
  • MEDIUM 6.1, CVE-2017-7271: Yii Framework Reflected XSS
    from 0, < 2.0.11
  • MEDIUM 6.1, CVE-2017-11516: Yii Cross-site Scripting Framework vulnerability
    >= 2.0.12, < 2.0.13
  • MEDIUM 5.9, CVE-2018-20745: Yii Incorrectly Implements CORS
    from 0, < 2.0.16
  • MEDIUM 4.2, CVE-2024-32877: Reflected Cross-site Scripting in yiisoft/yii2 Debug mode
    >= 2.0.43, < 2.0.49.4
  • CVE-2015-3397: Yii Framework Cross-site Scripting Vulnerability
    from 0, < 2.0.4