Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
PHP Number Of NVD 689 CRITICAL 119 HIGH 257 MEDIUM 287 LOW 26
URL https://www.php.net/
Explanation It is an open source programming language used around the world as a development language for web applications.
It is developed by "The PHP Group" and is used in many open source web applications such as WordPress and Xoops.
Today, it can be used as a general-purpose scripting language for applications other than web applications.
It is a popular language among programming beginners because it is easy to learn.

It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Add Information URL
No Type Name URL
1 https://www.php.net/supported-versions.php
2 https://www.php.net/downloads.php
3 https://www.php.net/eol.php
4 https://github.com/php/php-src
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
91 PHP8.3 8.3.28 Nov. 20, 2025 June 6, 2024 Dec. 31, 2025 Dec. 31, 2027 2 3 2 0
92 PHP8.2 8.2.29 July 3, 2025 Dec. 8, 2022 Dec. 31, 2024 Dec. 31, 2026 3 6 4 0
93 PHP8.1 8.1.33 July 3, 2025 Nov. 25, 2021 Nov. 25, 2023 Nov. 25, 2024 6 10 6 0
94 PHP8.0 8.0.30 Aug. 3, 2023 Nov. 26, 2020 Nov. 26, 2022 Nov. 26, 2023 6 9 11 0
95 PHP7.4 7.4.33 Nov. 3, 2022 Nov. 28, 2019 Nov. 28, 2021 Nov. 28, 2022 9 10 19 1
96 PHP7.3 7.3.33 Nov. 18, 2021 Dec. 6, 2018 Dec. 6, 2020 Dec. 6, 2021 19 17 21 1
97 PHP7.2 7.2.34 Oct. 1, 2020 Nov. 30, 2017 Nov. 30, 2019 Nov. 30, 2020 20 21 21 1
98 PHP7.1 7.1.33 Dec. 1, 2019 Dec. 1, 2016 Dec. 1, 2018 Dec. 1, 2019 30 36 10 0
99 PHP7.0 7.0.33 Dec. 6, 2018 Dec. 3, 2015 Dec. 3, 2017 Dec. 3, 2018 76 60 14 0
100 PHP5.6 5.6.40 Dec. 31, 2018 Aug. 28, 2014 Jan. 19, 2017 Dec. 31, 2018 77 95 41 1
101 PHP6.0 6.0 Jan. 1, 2000 4 8 5 0
102 PHP5.6 5.6.9 Jan. 1, 2000 77 95 41 1
103 PHP5.5 5.5.9 Jan. 1, 2000 72 98 67 3
104 PHP5.4 5.4.9 Jan. 1, 2000 61 103 74 4
105 PHP5.3 5.3.9 Jan. 1, 2000 62 110 134 4
106 PHP5.2 5.2.9 Jan. 1, 2000 63 156 184 7
107 PHP5.1 5.1.6 Jan. 1, 2000 63 150 150 19
108 PHP5.0 5.0.5 Jan. 1, 2000 63 154 157 14
109 PHP4.4 4.4.9 Jan. 1, 2000 62 149 164 20
110 PHP4.3 4.3.9 Jan. 1, 2000 62 158 164 15
111 PHP4.2 4.2.4 Jan. 1, 2000 62 157 166 15
112 PHP4.1 4.1.3 Jan. 1, 2000 62 159 163 15
113 PHP4.0 4.0.7 Jan. 1, 2000 62 161 168 17
114 PHP3.0 3.0.9 Jan. 1, 2000 61 136 140 6
115 PHP2.0b10 2.0b10 Jan. 1, 2000 61 124 132 6
116 PHP2.0 2.0.2 Jan. 1, 2000 61 124 132 6
117 PHP1.5 1.5 Jan. 1, 2000 61 120 131 6
118 PHP1.4 1.4 Jan. 1, 2000 61 120 131 6
119 PHP1.3 1.3.5 Jan. 1, 2000 61 120 131 6
120 PHP1.2 1.2.5 Jan. 1, 2000 61 120 131 6
121 PHP1.1 1.1.1 Jan. 1, 2000 61 120 131 6
122 PHP1.0 1.0.4 Jan. 1, 2000 61 124 132 6
123 PHP0.91 0.91 Jan. 1, 2000 61 120 131 6
124 PHP0.90 0.90 Jan. 1, 2000 61 120 131 6
125 PHP0.9 0.9.4 Jan. 1, 2000 61 120 131 6
126 PHP0.7 0.7 Jan. 1, 2000 61 120 131 6
127 PHP0.6 0.6 Jan. 1, 2000 61 120 131 6
128 PHP0.5 0.5.3 Jan. 1, 2000 61 120 131 6
129 PHP0.4 0.4 Jan. 1, 2000 61 120 131 6
130 PHP0.3 0.3 Jan. 1, 2000 61 120 131 6
131 PHP0.2 0.2.4 Jan. 1, 2000 61 120 131 6
132 PHP0.11 0.11 Jan. 1, 2000 61 120 131 6
133 PHP0.10 0.10 Jan. 1, 2000 61 120 131 6
134 PHP0.1 0.1.1 Jan. 1, 2000 61 120 131 6
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
91 9.8
7.5 		CRITICAL
Network 		PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer ov… CWE-190
 Integer Overflow or Wraparound 		CVE-2017-9120 cpe:2.3:a:php:php:*:* 7.0.0
8.0.0
7.4.0 		7.1.5


8.0.10
7.4.23 		2024-11-21 12:35
2018-08-3 		Show GitHub Exploit DB Packet Storm
92 7.5
5.0 		HIGH
Network 		PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call. CWE-125
Out-of-bounds Read 		CVE-2017-9118 cpe:2.3:a:php:php:7.1.5:*
cpe:2.3:a:php:php:*:* 		8.1.0
8.0.0
7.4.0



8.1.1
8.0.14
7.4.27 		2024-11-21 12:35
2018-08-3 		Show GitHub Exploit DB Packet Storm
93 9.8
7.5 		CRITICAL
Network 		exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closi… CWE-416
 Use After Free 		CVE-2018-12882 cpe:2.3:a:php:php:*:* 7.2.0 7.2.7 2024-11-21 12:46
2018-06-26 		Show GitHub Exploit DB Packet Storm
94 8.8
6.8 		HIGH
Network 		An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data becau… CWE-125
Out-of-bounds Read 		CVE-2018-10549 cpe:2.3:a:php:php:*:*
7.2.0
7.1.0
7.0.0





5.6.36
7.2.5
7.1.17
7.0.30 		2024-11-21 12:41
2018-04-30 		Show GitHub Exploit DB Packet Storm
95 7.5
5.0 		HIGH
Network 		An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer d… CWE-476
 NULL Pointer Dereference 		CVE-2018-10548 cpe:2.3:a:php:php:*:*
7.2.0
7.1.0
7.0.0





5.6.36
7.2.5
7.1.17
7.0.30 		2024-11-21 12:41
2018-04-30 		Show GitHub Exploit DB Packet Storm
96 6.1
4.3 		MEDIUM
Network 		An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages vi… CWE-79
Cross-site Scripting 		CVE-2018-10547 cpe:2.3:a:php:php:*:*
7.2.0
7.1.0
7.0.0





5.6.36
7.2.5
7.1.17
7.0.30 		2024-11-21 12:41
2018-04-30 		Show GitHub Exploit DB Packet Storm
97 7.5
5.0 		HIGH
Network 		An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not r… CWE-835
 Loop with Unreachable Exit Condition ('Infinite Loop') 		CVE-2018-10546 cpe:2.3:a:php:php:*:*
7.2.0
7.1.0
7.0.0





5.6.36
7.2.5
7.1.17
7.0.30 		2024-11-21 12:41
2018-04-30 		Show GitHub Exploit DB Packet Storm
98 4.7
1.9 		MEDIUM
Local 		An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c… CWE-200
Information Exposure 		CVE-2018-10545 cpe:2.3:a:php:php:*:* 7.2.0
7.1.0
7.0.0





7.2.4
7.1.16
7.0.29
5.6.35 		2024-11-21 12:41
2018-04-30 		Show GitHub Exploit DB Packet Storm
99 9.8
7.5 		CRITICAL
Network 		In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex f… CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2018-7584 cpe:2.3:a:php:php:*:*
7.0.0
7.1.0
7.2.0 		5.6.33

7.1.14
7.2.2



7.0.28

 2024-11-21 13:12
2018-03-2 		Show GitHub Exploit DB Packet Storm
100 6.5
6.8 		MEDIUM
Network 		An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution fun… CWE-400
 Uncontrolled Resource Consumption 		CVE-2015-9253 cpe:2.3:a:php:php:7.3.0:alpha2
cpe:2.3:a:php:php:7.3.0:alpha1
cpe:2.3:a:php:php:*:* 		7.2.0

7.2.8
7.1.20 		2024-11-21 11:40
2018-02-20 		Show GitHub Exploit DB Packet Storm