yiisoft/yii2 vulnerabilities

Yii PHP Framework Version 2

Latest version: 2.0.23

Continuously find & fix vulnerabilities like these in your dependencies. Test and protect your applications

Direct Vulnerabilities

Known vulnerabilities in the yiisoft/yii2 package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable versions Snyk patch Published
  • M
Broken CORS (Cross-Origin Resource Sharing)
<2.0.16 Not available 10 Feb, 2019
  • H
SQL injection
<2.0.12.1,>=2.0.13, <2.0.13.2,>=2.0.14, <2.0.15 Not available 21 Mar, 2018
  • H
HTTP Request Redirection
>=2.0, <2.0.14 Not available 19 Feb, 2018
  • H
Cross-site Request Forgery (CSRF)
>=2.0, <2.0.14 Not available 18 Feb, 2018
  • H
Information Exposure
>=2.0, <2.0.14 Not available 18 Feb, 2018
  • L
Arbitrary File Inclusion
<2.0.5 Not available 10 Jul, 2015
  • M
Cross-site Scripting (XSS)
<2.0.4 Not available 10 May, 2015