Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
PHP Number Of NVD 689 CRITICAL 119 HIGH 257 MEDIUM 287 LOW 26
URL https://www.php.net/
Explanation It is an open source programming language used around the world as a development language for web applications.
It is developed by "The PHP Group" and is used in many open source web applications such as WordPress and Xoops.
Today, it can be used as a general-purpose scripting language for applications other than web applications.
It is a popular language among programming beginners because it is easy to learn.

It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Add Information URL
No Type Name URL
1 https://www.php.net/supported-versions.php
2 https://www.php.net/downloads.php
3 https://www.php.net/eol.php
4 https://github.com/php/php-src
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
101 PHP8.3 8.3.28 Nov. 20, 2025 June 6, 2024 Dec. 31, 2025 Dec. 31, 2027 2 3 2 0
102 PHP8.2 8.2.29 July 3, 2025 Dec. 8, 2022 Dec. 31, 2024 Dec. 31, 2026 3 6 4 0
103 PHP8.1 8.1.33 July 3, 2025 Nov. 25, 2021 Nov. 25, 2023 Nov. 25, 2024 6 10 6 0
104 PHP8.0 8.0.30 Aug. 3, 2023 Nov. 26, 2020 Nov. 26, 2022 Nov. 26, 2023 6 9 11 0
105 PHP7.4 7.4.33 Nov. 3, 2022 Nov. 28, 2019 Nov. 28, 2021 Nov. 28, 2022 9 10 19 1
106 PHP7.3 7.3.33 Nov. 18, 2021 Dec. 6, 2018 Dec. 6, 2020 Dec. 6, 2021 19 17 21 1
107 PHP7.2 7.2.34 Oct. 1, 2020 Nov. 30, 2017 Nov. 30, 2019 Nov. 30, 2020 20 21 21 1
108 PHP7.1 7.1.33 Dec. 1, 2019 Dec. 1, 2016 Dec. 1, 2018 Dec. 1, 2019 30 36 10 0
109 PHP7.0 7.0.33 Dec. 6, 2018 Dec. 3, 2015 Dec. 3, 2017 Dec. 3, 2018 76 60 14 0
110 PHP5.6 5.6.40 Dec. 31, 2018 Aug. 28, 2014 Jan. 19, 2017 Dec. 31, 2018 77 95 41 1
111 PHP6.0 6.0 Jan. 1, 2000 4 8 5 0
112 PHP5.6 5.6.9 Jan. 1, 2000 77 95 41 1
113 PHP5.5 5.5.9 Jan. 1, 2000 72 98 67 3
114 PHP5.4 5.4.9 Jan. 1, 2000 61 103 74 4
115 PHP5.3 5.3.9 Jan. 1, 2000 62 110 134 4
116 PHP5.2 5.2.9 Jan. 1, 2000 63 156 184 7
117 PHP5.1 5.1.6 Jan. 1, 2000 63 150 150 19
118 PHP5.0 5.0.5 Jan. 1, 2000 63 154 157 14
119 PHP4.4 4.4.9 Jan. 1, 2000 62 149 164 20
120 PHP4.3 4.3.9 Jan. 1, 2000 62 158 164 15
121 PHP4.2 4.2.4 Jan. 1, 2000 62 157 166 15
122 PHP4.1 4.1.3 Jan. 1, 2000 62 159 163 15
123 PHP4.0 4.0.7 Jan. 1, 2000 62 161 168 17
124 PHP3.0 3.0.9 Jan. 1, 2000 61 136 140 6
125 PHP2.0b10 2.0b10 Jan. 1, 2000 61 124 132 6
126 PHP2.0 2.0.2 Jan. 1, 2000 61 124 132 6
127 PHP1.5 1.5 Jan. 1, 2000 61 120 131 6
128 PHP1.4 1.4 Jan. 1, 2000 61 120 131 6
129 PHP1.3 1.3.5 Jan. 1, 2000 61 120 131 6
130 PHP1.2 1.2.5 Jan. 1, 2000 61 120 131 6
131 PHP1.1 1.1.1 Jan. 1, 2000 61 120 131 6
132 PHP1.0 1.0.4 Jan. 1, 2000 61 124 132 6
133 PHP0.91 0.91 Jan. 1, 2000 61 120 131 6
134 PHP0.90 0.90 Jan. 1, 2000 61 120 131 6
135 PHP0.9 0.9.4 Jan. 1, 2000 61 120 131 6
136 PHP0.7 0.7 Jan. 1, 2000 61 120 131 6
137 PHP0.6 0.6 Jan. 1, 2000 61 120 131 6
138 PHP0.5 0.5.3 Jan. 1, 2000 61 120 131 6
139 PHP0.4 0.4 Jan. 1, 2000 61 120 131 6
140 PHP0.3 0.3 Jan. 1, 2000 61 120 131 6
141 PHP0.2 0.2.4 Jan. 1, 2000 61 120 131 6
142 PHP0.11 0.11 Jan. 1, 2000 61 120 131 6
143 PHP0.10 0.10 Jan. 1, 2000 61 120 131 6
144 PHP0.1 0.1.1 Jan. 1, 2000 61 120 131 6
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
101 7.5
5.0 		HIGH
Network 		In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For exa… CWE-20
 Improper Input Validation  		CVE-2016-10712 cpe:2.3:a:php:php:*:*
5.6.0
7.0.0 		5.5.31
5.6.17
7.0.2



2024-11-21 11:44
2018-02-9 		Show GitHub Exploit DB Packet Storm
102 6.1
4.3 		MEDIUM
Network 		An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar … CWE-79
Cross-site Scripting 		CVE-2018-5712 cpe:2.3:a:php:php:7.2.0:*
cpe:2.3:a:php:php:*:*
7.0.0
 7.1.12
7.0.26
5.6.32 		7.1.0

2024-11-21 13:09
2018-01-16 		Show GitHub Exploit DB Packet Storm
103 5.5
4.3 		MEDIUM
Local 		gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an in… CWE-681
CWE-835
 Incorrect Conversion between Numeric Types
 Loop with Unreachable Exit Condition ('Infinite Loop') 		CVE-2018-5711 cpe:2.3:a:php:php:7.2.0:*
cpe:2.3:a:php:php:*:*
7.0.0
 7.1.12
7.0.26
5.6.32 		7.1.0

2024-11-21 13:09
2018-01-16 		Show GitHub Exploit DB Packet Storm
104 7.5
5.0 		HIGH
Network 		In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to … CWE-125
Out-of-bounds Read 		CVE-2017-16642 cpe:2.3:a:php:php:*:* 7.1.0
7.0.0



7.1.11
7.0.25
5.6.32 		2024-11-21 12:16
2017-11-8 		Show GitHub Exploit DB Packet Storm
105 7.5
5.0 		HIGH
Network 		ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/… CWE-416
 Use After Free 		CVE-2017-12934 cpe:2.3:a:php:php:7.1.6:*
cpe:2.3:a:php:php:7.1.5:*
cpe:2.3:a:php:php:7.1.4:*
cpe:2.3:a:php:php:7.1.3:*
cpe… 		2024-11-21 12:10
2017-08-18 		Show GitHub Exploit DB Packet Storm
106 9.8
7.5 		CRITICAL
Network 		The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data… CWE-125
Out-of-bounds Read 		CVE-2017-12933 cpe:2.3:a:php:php:7.1.6:*
cpe:2.3:a:php:php:7.1.5:*
cpe:2.3:a:php:php:7.1.4:*
cpe:2.3:a:php:php:7.1.3:*
cpe… 		5.6.30 2024-11-21 12:10
2017-08-18 		Show GitHub Exploit DB Packet Storm
107 9.8
7.5 		CRITICAL
Network 		ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for … CWE-416
 Use After Free 		CVE-2017-12932 cpe:2.3:a:php:php:7.1.8:*
cpe:2.3:a:php:php:7.1.7:*
cpe:2.3:a:php:php:7.1.6:*
cpe:2.3:a:php:php:7.1.5:*
cpe… 		2024-11-21 12:10
2017-08-18 		Show GitHub Exploit DB Packet Storm
108 6.5
4.3 		MEDIUM
Network 		The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A… CWE-200
Information Exposure 		CVE-2017-7890 cpe:2.3:a:php:php:7.1.6:*
cpe:2.3:a:php:php:7.1.5:*
cpe:2.3:a:php:php:7.1.4:*
cpe:2.3:a:php:php:7.1.3:*
cpe… 		5.6.30 2024-11-21 12:32
2017-08-3 		Show GitHub Exploit DB Packet Storm
109 7.8
6.8 		HIGH
Local 		In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentiall… CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2017-11628 cpe:2.3:a:php:php:7.1.6:*
cpe:2.3:a:php:php:7.1.5:*
cpe:2.3:a:php:php:7.1.4:*
cpe:2.3:a:php:php:7.1.3:*
cpe… 		5.6.30 2024-11-21 12:08
2017-07-26 		Show GitHub Exploit DB Packet Storm
110 9.8
7.5 		CRITICAL
Network 		In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformat_parse.c does not restrict the locale length, which allows remote attackers to cause a denial of service (stack-based buff… CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2017-11362 cpe:2.3:a:php:php:7.1.6:*
cpe:2.3:a:php:php:7.1.5:*
cpe:2.3:a:php:php:7.1.4:*
cpe:2.3:a:php:php:7.1.3:*
cpe… 		2024-11-21 12:07
2017-07-17 		Show GitHub Exploit DB Packet Storm