[MEDIUM] yiisoft Yii2 Deserialization of Untrusted Data

PKSA-vjfw-277f-52gq CVE-2025-2689 GHSA-88m2-j94x-v4fx

Affected version: <=2.0.45

Reported by:
GitHub

[HIGH] Yii Framework Code Injection

PKSA-sxhn-698f-dpfd CVE-2018-8074 GHSA-m2p5-fwp2-qcw2

Affected version: >=2.0.0,<2.0.15

Reported by:
GitHub

[HIGH] Use of Insufficiently Random Values in yiisoft/yii2-dev

PKSA-gr88-dv3s-951n CVE-2021-3689 GHSA-hq3v-rg6f-6hx4

Affected version: <2.0.43

Reported by:
GitHub

[MEDIUM] Use of Cryptographically Weak Pseudo-Random Number Generator in yiisoft/yii2-dev

PKSA-26mg-s28k-sb3m CVE-2021-3692 GHSA-wwvv-x5mq-h3jj

Affected version: <2.0.43

Reported by:
GitHub

[CRITICAL] Potential SQL injection in methods `yii\db\ActiveRecord::findOne()` and `::findAll()`

PKSA-xtm2-wjhy-b81b CVE-2018-7269 GHSA-hhg2-g6h6-c266

Affected version: <2.0.12.1|>=2.0.13,<2.0.13.2|>=2.0.14,<2.0.15

Reported by:
GitHub, FriendsOfPHP/security-advisories