yiisoft/yii
Packagist: 4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting yiisoft/yii
- CVE-2014-4672 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 1.1.15 | 2014-07-03
vulnerable: 1.1.14
The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property.
- CVE-2022-41922 | HIGH | CVSS 8.1 | EG 8.1 | ✓ Fixed in 1.1.27 | 2022-11-23
vulnerable: 1.1.14 ... 1.1.26 (14 versions)
Versions of `yiisoft/yii` before 1.1.27 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. This has been patched in 1.1.27.
- CVE-2023-47130 | HIGH | CVSS 8.1 | EG 8.1 | ✓ Fixed in 1.1.29 | 2023-11-14
vulnerable: 1.1.14 ... 1.1.28 (16 versions)
Yii is an open source PHP web framework. Versions of yiisoft/yii before 1.1.29 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. An attacker may leverage this vulnerability to compr…
- CVE-2025-32027 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 1.1.31 | 2025-04-10
vulnerable: 1.1.14 ... 1.1.30 (18 versions)
Yii is an open source PHP web framework. Prior to 1.1.31, yiisoft/yii is vulnerable to Reflected XSS in specific scenarios where the fallback error renderer is used. Upgrade yiisoft/yii to version 1.1.31 or higher.