Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
PHP Number Of NVD 689 CRITICAL 119 HIGH 257 MEDIUM 287 LOW 26
URL https://www.php.net/
Explanation It is an open source programming language used around the world as a development language for web applications.
It is developed by "The PHP Group" and is used in many open source web applications such as WordPress and Xoops.
Today, it can be used as a general-purpose scripting language for applications other than web applications.
It is a popular language among programming beginners because it is easy to learn.

It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Add Information URL
No Type Name URL
1 https://www.php.net/supported-versions.php
2 https://www.php.net/downloads.php
3 https://www.php.net/eol.php
4 https://github.com/php/php-src
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
11 PHP8.3 8.3.28 Nov. 20, 2025 June 6, 2024 Dec. 31, 2025 Dec. 31, 2027 2 3 2 0
12 PHP8.2 8.2.29 July 3, 2025 Dec. 8, 2022 Dec. 31, 2024 Dec. 31, 2026 3 6 4 0
13 PHP8.1 8.1.33 July 3, 2025 Nov. 25, 2021 Nov. 25, 2023 Nov. 25, 2024 6 10 6 0
14 PHP8.0 8.0.30 Aug. 3, 2023 Nov. 26, 2020 Nov. 26, 2022 Nov. 26, 2023 6 9 11 0
15 PHP7.4 7.4.33 Nov. 3, 2022 Nov. 28, 2019 Nov. 28, 2021 Nov. 28, 2022 9 10 19 1
16 PHP7.3 7.3.33 Nov. 18, 2021 Dec. 6, 2018 Dec. 6, 2020 Dec. 6, 2021 19 17 21 1
17 PHP7.2 7.2.34 Oct. 1, 2020 Nov. 30, 2017 Nov. 30, 2019 Nov. 30, 2020 20 21 21 1
18 PHP7.1 7.1.33 Dec. 1, 2019 Dec. 1, 2016 Dec. 1, 2018 Dec. 1, 2019 30 36 10 0
19 PHP7.0 7.0.33 Dec. 6, 2018 Dec. 3, 2015 Dec. 3, 2017 Dec. 3, 2018 76 60 14 0
20 PHP5.6 5.6.40 Dec. 31, 2018 Aug. 28, 2014 Jan. 19, 2017 Dec. 31, 2018 77 95 41 1
21 PHP6.0 6.0 Jan. 1, 2000 4 8 5 0
22 PHP5.6 5.6.9 Jan. 1, 2000 77 95 41 1
23 PHP5.5 5.5.9 Jan. 1, 2000 72 98 67 3
24 PHP5.4 5.4.9 Jan. 1, 2000 61 103 74 4
25 PHP5.3 5.3.9 Jan. 1, 2000 62 110 134 4
26 PHP5.2 5.2.9 Jan. 1, 2000 63 156 184 7
27 PHP5.1 5.1.6 Jan. 1, 2000 63 150 150 19
28 PHP5.0 5.0.5 Jan. 1, 2000 63 154 157 14
29 PHP4.4 4.4.9 Jan. 1, 2000 62 149 164 20
30 PHP4.3 4.3.9 Jan. 1, 2000 62 158 164 15
31 PHP4.2 4.2.4 Jan. 1, 2000 62 157 166 15
32 PHP4.1 4.1.3 Jan. 1, 2000 62 159 163 15
33 PHP4.0 4.0.7 Jan. 1, 2000 62 161 168 17
34 PHP3.0 3.0.9 Jan. 1, 2000 61 136 140 6
35 PHP2.0b10 2.0b10 Jan. 1, 2000 61 124 132 6
36 PHP2.0 2.0.2 Jan. 1, 2000 61 124 132 6
37 PHP1.5 1.5 Jan. 1, 2000 61 120 131 6
38 PHP1.4 1.4 Jan. 1, 2000 61 120 131 6
39 PHP1.3 1.3.5 Jan. 1, 2000 61 120 131 6
40 PHP1.2 1.2.5 Jan. 1, 2000 61 120 131 6
41 PHP1.1 1.1.1 Jan. 1, 2000 61 120 131 6
42 PHP1.0 1.0.4 Jan. 1, 2000 61 124 132 6
43 PHP0.91 0.91 Jan. 1, 2000 61 120 131 6
44 PHP0.90 0.90 Jan. 1, 2000 61 120 131 6
45 PHP0.9 0.9.4 Jan. 1, 2000 61 120 131 6
46 PHP0.7 0.7 Jan. 1, 2000 61 120 131 6
47 PHP0.6 0.6 Jan. 1, 2000 61 120 131 6
48 PHP0.5 0.5.3 Jan. 1, 2000 61 120 131 6
49 PHP0.4 0.4 Jan. 1, 2000 61 120 131 6
50 PHP0.3 0.3 Jan. 1, 2000 61 120 131 6
51 PHP0.2 0.2.4 Jan. 1, 2000 61 120 131 6
52 PHP0.11 0.11 Jan. 1, 2000 61 120 131 6
53 PHP0.10 0.10 Jan. 1, 2000 61 120 131 6
54 PHP0.1 0.1.1 Jan. 1, 2000 61 120 131 6
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
11 4.3
- 		MEDIUM
Network 		In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower ran… CWE-330
 Use of Insufficiently Random Values 		CVE-2023-3247 cpe:2.3:a:php:php:*:* 8.2.0
8.1.0
8.0.0



8.2.7
8.1.20
8.0.29 		2024-11-21 17:16
2023-07-22 		Show GitHub Exploit DB Packet Storm
12 6.2
- 		MEDIUM
Local 		In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password … CWE-916
 Use of Password Hash With Insufficient Computational Effort 		CVE-2023-0567 cpe:2.3:a:php:php:*:* 8.2.0
8.1.0
8.0.0



8.2.3
8.1.16
8.0.28 		2024-11-21 16:37
2023-03-1 		Show GitHub Exploit DB Packet Storm
13 7.5
- 		HIGH
Network 		In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can… CWE-400
 Uncontrolled Resource Consumption 		CVE-2023-0662 cpe:2.3:a:php:php:*:* 8.2.0
8.1.0
8.0.0



8.2.3
8.1.16
8.0.28 		2024-11-21 16:37
2023-02-16 		Show GitHub Exploit DB Packet Storm
14 8.1
- 		HIGH
Network 		In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN … CWE-770
 Allocation of Resources Without Limits or Throttling 		CVE-2023-0568 cpe:2.3:a:php:php:*:* 8.2.0
8.1.0
8.0.0



8.2.3
8.1.16
8.0.28 		2024-11-21 16:37
2023-02-16 		Show GitHub Exploit DB Packet Storm
15 7.1
- 		HIGH
Local 		In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used wit… CWE-125
Out-of-bounds Read 		CVE-2022-31630 cpe:2.3:a:php:php:*:* 8.0.0
8.1.0
7.4.0



8.0.25
8.1.12
7.4.33 		2024-11-21 16:04
2022-11-14 		Show GitHub Exploit DB Packet Storm
16 9.8
- 		CRITICAL
Network 		The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic… CWE-190
 Integer Overflow or Wraparound 		CVE-2022-37454 cpe:2.3:a:php:php:*:* 8.0.0
8.1.0
7.2.0



8.0.25
8.1.12
7.4.33 		2024-11-21 16:15
2022-10-21 		Show GitHub Exploit DB Packet Storm
17 6.5
- 		MEDIUM
Network 		In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` o… NVD-CWE-noinfo
CVE-2022-31629 cpe:2.3:a:php:php:*:* 8.1.0
8.0.0



8.1.11
8.0.24
7.4.31 		2024-11-21 16:04
2022-09-29 		Show GitHub Exploit DB Packet Storm
18 5.5
- 		MEDIUM
Local 		In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop. CWE-835
 Loop with Unreachable Exit Condition ('Infinite Loop') 		CVE-2022-31628 cpe:2.3:a:php:php:*:* 8.0.0

8.1.0



8.0.24
7.4.31
8.1.11 		2024-11-21 16:04
2022-09-29 		Show GitHub Exploit DB Packet Storm
19 9.8
- 		CRITICAL
Network 		In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocate… CWE-787
 Out-of-bounds Write 		CVE-2022-31627 cpe:2.3:a:php:php:*:* 8.1.0 8.1.8 2024-11-21 16:04
2022-07-28 		Show GitHub Exploit DB Packet Storm
20 8.8
6.0 		HIGH
Network 		In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the passwor… CWE-120
Classic Buffer Overflow 		CVE-2022-31626 cpe:2.3:a:php:php:*:* 8.1.0
8.0.0
7.4.0



8.1.7
8.0.20
7.4.30 		2024-11-21 16:04
2022-06-16 		Show GitHub Exploit DB Packet Storm