Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
PHP Number Of NVD 689 CRITICAL 119 HIGH 257 MEDIUM 287 LOW 26
URL https://www.php.net/
Explanation It is an open source programming language used around the world as a development language for web applications.
It is developed by "The PHP Group" and is used in many open source web applications such as WordPress and Xoops.
Today, it can be used as a general-purpose scripting language for applications other than web applications.
It is a popular language among programming beginners because it is easy to learn.

It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Add Information URL
No Type Name URL
1 https://www.php.net/supported-versions.php
2 https://www.php.net/downloads.php
3 https://www.php.net/eol.php
4 https://github.com/php/php-src
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
201 PHP8.3 8.3.28 Nov. 20, 2025 June 6, 2024 Dec. 31, 2025 Dec. 31, 2027 2 3 2 0
202 PHP8.2 8.2.29 July 3, 2025 Dec. 8, 2022 Dec. 31, 2024 Dec. 31, 2026 3 6 4 0
203 PHP8.1 8.1.33 July 3, 2025 Nov. 25, 2021 Nov. 25, 2023 Nov. 25, 2024 6 10 6 0
204 PHP8.0 8.0.30 Aug. 3, 2023 Nov. 26, 2020 Nov. 26, 2022 Nov. 26, 2023 6 9 11 0
205 PHP7.4 7.4.33 Nov. 3, 2022 Nov. 28, 2019 Nov. 28, 2021 Nov. 28, 2022 9 10 19 1
206 PHP7.3 7.3.33 Nov. 18, 2021 Dec. 6, 2018 Dec. 6, 2020 Dec. 6, 2021 19 17 21 1
207 PHP7.2 7.2.34 Oct. 1, 2020 Nov. 30, 2017 Nov. 30, 2019 Nov. 30, 2020 20 21 21 1
208 PHP7.1 7.1.33 Dec. 1, 2019 Dec. 1, 2016 Dec. 1, 2018 Dec. 1, 2019 30 36 10 0
209 PHP7.0 7.0.33 Dec. 6, 2018 Dec. 3, 2015 Dec. 3, 2017 Dec. 3, 2018 76 60 14 0
210 PHP5.6 5.6.40 Dec. 31, 2018 Aug. 28, 2014 Jan. 19, 2017 Dec. 31, 2018 77 95 41 1
211 PHP6.0 6.0 Jan. 1, 2000 4 8 5 0
212 PHP5.6 5.6.9 Jan. 1, 2000 77 95 41 1
213 PHP5.5 5.5.9 Jan. 1, 2000 72 98 67 3
214 PHP5.4 5.4.9 Jan. 1, 2000 61 103 74 4
215 PHP5.3 5.3.9 Jan. 1, 2000 62 110 134 4
216 PHP5.2 5.2.9 Jan. 1, 2000 63 156 184 7
217 PHP5.1 5.1.6 Jan. 1, 2000 63 150 150 19
218 PHP5.0 5.0.5 Jan. 1, 2000 63 154 157 14
219 PHP4.4 4.4.9 Jan. 1, 2000 62 149 164 20
220 PHP4.3 4.3.9 Jan. 1, 2000 62 158 164 15
221 PHP4.2 4.2.4 Jan. 1, 2000 62 157 166 15
222 PHP4.1 4.1.3 Jan. 1, 2000 62 159 163 15
223 PHP4.0 4.0.7 Jan. 1, 2000 62 161 168 17
224 PHP3.0 3.0.9 Jan. 1, 2000 61 136 140 6
225 PHP2.0b10 2.0b10 Jan. 1, 2000 61 124 132 6
226 PHP2.0 2.0.2 Jan. 1, 2000 61 124 132 6
227 PHP1.5 1.5 Jan. 1, 2000 61 120 131 6
228 PHP1.4 1.4 Jan. 1, 2000 61 120 131 6
229 PHP1.3 1.3.5 Jan. 1, 2000 61 120 131 6
230 PHP1.2 1.2.5 Jan. 1, 2000 61 120 131 6
231 PHP1.1 1.1.1 Jan. 1, 2000 61 120 131 6
232 PHP1.0 1.0.4 Jan. 1, 2000 61 124 132 6
233 PHP0.91 0.91 Jan. 1, 2000 61 120 131 6
234 PHP0.90 0.90 Jan. 1, 2000 61 120 131 6
235 PHP0.9 0.9.4 Jan. 1, 2000 61 120 131 6
236 PHP0.7 0.7 Jan. 1, 2000 61 120 131 6
237 PHP0.6 0.6 Jan. 1, 2000 61 120 131 6
238 PHP0.5 0.5.3 Jan. 1, 2000 61 120 131 6
239 PHP0.4 0.4 Jan. 1, 2000 61 120 131 6
240 PHP0.3 0.3 Jan. 1, 2000 61 120 131 6
241 PHP0.2 0.2.4 Jan. 1, 2000 61 120 131 6
242 PHP0.11 0.11 Jan. 1, 2000 61 120 131 6
243 PHP0.10 0.10 Jan. 1, 2000 61 120 131 6
244 PHP0.1 0.1.1 Jan. 1, 2000 61 120 131 6
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
201 9.8
7.5 		CRITICAL
Network 		Integer overflow in the php_filter_encode_url function in ext/filter/sanitizing_filters.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other i… CWE-190
 Integer Overflow or Wraparound 		CVE-2016-4345 cpe:2.3:a:php:php:*:* 7.0.0 7.0.4 2024-11-21 11:51
2016-05-22 		Show GitHub Exploit DB Packet Storm
202 9.8
7.5 		CRITICAL
Network 		Integer overflow in the xml_utf8_encode function in ext/xml/xml.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long argumen… CWE-190
 Integer Overflow or Wraparound 		CVE-2016-4344 cpe:2.3:a:php:php:*:* 7.0.0 7.0.4 2024-11-21 11:51
2016-05-22 		Show GitHub Exploit DB Packet Storm
203 8.8
6.8 		HIGH
Network 		The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service… CWE-824
 Access of Uninitialized Pointer 		CVE-2016-4343 cpe:2.3:a:php:php:*:*
5.6.0
7.0.0



5.5.36
5.6.18
7.0.3 		2024-11-21 11:51
2016-05-22 		Show GitHub Exploit DB Packet Storm
204 8.8
8.3 		HIGH
Network 		ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memor… CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2016-4342 cpe:2.3:a:php:php:7.0.2:*
cpe:2.3:a:php:php:7.0.1:*
cpe:2.3:a:php:php:7.0.0:*
cpe:2.3:a:php:php:5.6.9:*
cpe… 		5.5.31 2024-11-21 11:51
2016-05-22 		Show GitHub Exploit DB Packet Storm
205 9.8
10.0 		CRITICAL
Network 		Double free vulnerability in the format printer in PHP 7.x before 7.0.1 allows remote attackers to have an unspecified impact by triggering an error. CWE-415
 Double Free 		CVE-2015-8880 cpe:2.3:a:php:php:7.0.0:- 2024-11-21 11:39
2016-05-22 		Show GitHub Exploit DB Packet Storm
206 7.5
5.0 		HIGH
Network 		The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application cra… CWE-20
 Improper Input Validation  		CVE-2015-8879 cpe:2.3:a:php:php:*:* 5.6.0

5.6.12
5.5.38 		2024-11-21 11:39
2016-05-22 		Show GitHub Exploit DB Packet Storm
207 5.9
7.1 		MEDIUM
Network 		main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory c… CWE-119
CWE-362
Incorrect Access of Indexable Resource ('Range Error') 
Race Condition 		CVE-2015-8878 cpe:2.3:a:php:php:*:* 5.5.0
5.6.0

5.5.28
5.6.12 		2024-11-21 11:39
2016-05-22 		Show GitHub Exploit DB Packet Storm
208 7.5
5.0 		HIGH
Network 		The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows … CWE-399
 Resource Management Errors 		CVE-2015-8877 cpe:2.3:a:php:php:*:* 5.6.11 2024-11-21 11:39
2016-05-22 		Show GitHub Exploit DB Packet Storm
209 9.8
7.5 		CRITICAL
Network 		Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL… NVD-CWE-Other
CVE-2015-8876 cpe:2.3:a:php:php:*:* 5.4.0
5.5.0
5.6.0



5.4.44
5.5.28
5.6.12 		2024-11-21 11:39
2016-05-22 		Show GitHub Exploit DB Packet Storm
210 7.5
5.0 		HIGH
Network 		The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, w… CWE-310
Cryptographic Issues 		CVE-2015-8867 cpe:2.3:a:php:php:*:* 5.4.0
5.5.0
5.6.0



5.4.44
5.5.28
5.6.12 		2024-11-21 11:39
2016-05-22 		Show GitHub Exploit DB Packet Storm