Yiisoft Yii2
5 CVEs affecting Yiisoft Yii2. Latest disclosed: 2026-05-20. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-15148 | High | 8.9 | 2020-09-15 | Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. This is fix… |
| CVE-2026-39850 | High | 7.4 | 2026-05-20 | Yii 2 is a PHP application framework. Versions 2.0.54 and prior contain flawed logic in the core view rendering method View::renderPhpFile() that leads to Loca… |
| CVE-2025-2690 | Medium | 6.3 | 2025-03-24 | A vulnerability, which was classified as critical, was found in yiisoft Yii2 up to 2.0.39. This affects the function Generate of the file phpunit\src\Framework… |
| CVE-2025-2689 | Medium | 6.3 | 2025-03-24 | A vulnerability, which was classified as critical, has been found in yiisoft Yii2 up to 2.0.45. Affected by this issue is the function getIterator of the file… |
| CVE-2024-32877 | Medium | 4.2 | 2024-05-30 | Yii 2 is a PHP application framework. During internal penetration testing of a product based on Yii2, users discovered a Cross-site Scripting (XSS) vulnerabili… |