Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
PHP Number Of NVD 689 CRITICAL 119 HIGH 257 MEDIUM 287 LOW 26
URL https://www.php.net/
Explanation It is an open source programming language used around the world as a development language for web applications.
It is developed by "The PHP Group" and is used in many open source web applications such as WordPress and Xoops.
Today, it can be used as a general-purpose scripting language for applications other than web applications.
It is a popular language among programming beginners because it is easy to learn.

It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Add Information URL
No Type Name URL
1 https://www.php.net/supported-versions.php
2 https://www.php.net/downloads.php
3 https://www.php.net/eol.php
4 https://github.com/php/php-src
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
281 PHP8.3 8.3.28 Nov. 20, 2025 June 6, 2024 Dec. 31, 2025 Dec. 31, 2027 2 3 2 0
282 PHP8.2 8.2.29 July 3, 2025 Dec. 8, 2022 Dec. 31, 2024 Dec. 31, 2026 3 6 4 0
283 PHP8.1 8.1.33 July 3, 2025 Nov. 25, 2021 Nov. 25, 2023 Nov. 25, 2024 6 10 6 0
284 PHP8.0 8.0.30 Aug. 3, 2023 Nov. 26, 2020 Nov. 26, 2022 Nov. 26, 2023 6 9 11 0
285 PHP7.4 7.4.33 Nov. 3, 2022 Nov. 28, 2019 Nov. 28, 2021 Nov. 28, 2022 9 10 19 1
286 PHP7.3 7.3.33 Nov. 18, 2021 Dec. 6, 2018 Dec. 6, 2020 Dec. 6, 2021 19 17 21 1
287 PHP7.2 7.2.34 Oct. 1, 2020 Nov. 30, 2017 Nov. 30, 2019 Nov. 30, 2020 20 21 21 1
288 PHP7.1 7.1.33 Dec. 1, 2019 Dec. 1, 2016 Dec. 1, 2018 Dec. 1, 2019 30 36 10 0
289 PHP7.0 7.0.33 Dec. 6, 2018 Dec. 3, 2015 Dec. 3, 2017 Dec. 3, 2018 76 60 14 0
290 PHP5.6 5.6.40 Dec. 31, 2018 Aug. 28, 2014 Jan. 19, 2017 Dec. 31, 2018 77 95 41 1
291 PHP6.0 6.0 Jan. 1, 2000 4 8 5 0
292 PHP5.6 5.6.9 Jan. 1, 2000 77 95 41 1
293 PHP5.5 5.5.9 Jan. 1, 2000 72 98 67 3
294 PHP5.4 5.4.9 Jan. 1, 2000 61 103 74 4
295 PHP5.3 5.3.9 Jan. 1, 2000 62 110 134 4
296 PHP5.2 5.2.9 Jan. 1, 2000 63 156 184 7
297 PHP5.1 5.1.6 Jan. 1, 2000 63 150 150 19
298 PHP5.0 5.0.5 Jan. 1, 2000 63 154 157 14
299 PHP4.4 4.4.9 Jan. 1, 2000 62 149 164 20
300 PHP4.3 4.3.9 Jan. 1, 2000 62 158 164 15
301 PHP4.2 4.2.4 Jan. 1, 2000 62 157 166 15
302 PHP4.1 4.1.3 Jan. 1, 2000 62 159 163 15
303 PHP4.0 4.0.7 Jan. 1, 2000 62 161 168 17
304 PHP3.0 3.0.9 Jan. 1, 2000 61 136 140 6
305 PHP2.0b10 2.0b10 Jan. 1, 2000 61 124 132 6
306 PHP2.0 2.0.2 Jan. 1, 2000 61 124 132 6
307 PHP1.5 1.5 Jan. 1, 2000 61 120 131 6
308 PHP1.4 1.4 Jan. 1, 2000 61 120 131 6
309 PHP1.3 1.3.5 Jan. 1, 2000 61 120 131 6
310 PHP1.2 1.2.5 Jan. 1, 2000 61 120 131 6
311 PHP1.1 1.1.1 Jan. 1, 2000 61 120 131 6
312 PHP1.0 1.0.4 Jan. 1, 2000 61 124 132 6
313 PHP0.91 0.91 Jan. 1, 2000 61 120 131 6
314 PHP0.90 0.90 Jan. 1, 2000 61 120 131 6
315 PHP0.9 0.9.4 Jan. 1, 2000 61 120 131 6
316 PHP0.7 0.7 Jan. 1, 2000 61 120 131 6
317 PHP0.6 0.6 Jan. 1, 2000 61 120 131 6
318 PHP0.5 0.5.3 Jan. 1, 2000 61 120 131 6
319 PHP0.4 0.4 Jan. 1, 2000 61 120 131 6
320 PHP0.3 0.3 Jan. 1, 2000 61 120 131 6
321 PHP0.2 0.2.4 Jan. 1, 2000 61 120 131 6
322 PHP0.11 0.11 Jan. 1, 2000 61 120 131 6
323 PHP0.10 0.10 Jan. 1, 2000 61 120 131 6
324 PHP0.1 0.1.1 Jan. 1, 2000 61 120 131 6
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
281 -
7.5 		HIGH The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free ope… CWE-404
 Improper Resource Shutdown or Release 		CVE-2015-3415 cpe:2.3:a:php:php:*:* 5.5.0
5.6.0
5.4.0



5.5.26
5.6.10
5.4.42 		2024-11-21 11:29
2015-04-25 		Show GitHub Exploit DB Packet Storm
282 -
7.5 		HIGH SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and appli… CWE-908
 Use of Uninitialized Resource 		CVE-2015-3414 cpe:2.3:a:php:php:*:* 5.5.0
5.6.0
5.4.0



5.5.26
5.6.10
5.4.42 		2024-11-21 11:29
2015-04-25 		Show GitHub Exploit DB Packet Storm
283 -
7.5 		HIGH Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execu… NVD-CWE-Other
CVE-2015-2787 cpe:2.3:a:php:php:5.6.6:*
cpe:2.3:a:php:php:5.6.5:*
cpe:2.3:a:php:php:5.6.4:*
cpe:2.3:a:php:php:5.6.3:*
cpe… 		5.4.38 2024-11-21 11:28
2015-03-30 		Show GitHub Exploit DB Packet Storm
284 -
7.5 		HIGH Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other p… CWE-189
Numeric Errors 		CVE-2015-2331 cpe:2.3:a:php:php:5.6.6:*
cpe:2.3:a:php:php:5.6.5:*
cpe:2.3:a:php:php:5.6.4:*
cpe:2.3:a:php:php:5.6.3:*
cpe… 		5.4.38 2024-11-21 11:27
2015-03-30 		Show GitHub Exploit DB Packet Storm
285 -
5.0 		MEDIUM The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, whic… CWE-264
Permissions, Privileges, and Access Controls 		CVE-2015-2348 cpe:2.3:a:php:php:5.6.6:*
cpe:2.3:a:php:php:5.6.5:*
cpe:2.3:a:php:php:5.6.4:*
cpe:2.3:a:php:php:5.6.3:*
cpe… 		5.4.38 2024-11-21 11:27
2015-03-30 		Show GitHub Exploit DB Packet Storm
286 -
6.8 		MEDIUM Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow … CWE-190
 Integer Overflow or Wraparound 		CVE-2015-2305 cpe:2.3:a:php:php:*:* 5.4.0
5.5.0
5.6.0



5.4.39
5.5.23
5.6.7 		2024-11-21 11:27
2015-03-30 		Show GitHub Exploit DB Packet Storm
287 -
7.5 		HIGH Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have uns… CWE-416
 Use After Free 		CVE-2015-2301 cpe:2.3:a:php:php:*:* 5.5.0
5.6.0
5.4.0



5.5.22
5.6.6
5.4.40 		2024-11-21 11:27
2015-03-30 		Show GitHub Exploit DB Packet Storm
288 -
5.0 		MEDIUM The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denia… NVD-CWE-Other
CVE-2015-1352 cpe:2.3:a:php:php:*:* 5.6.0

5.5.0



5.6.8
5.4.40
5.5.24 		2024-11-21 11:25
2015-03-30 		Show GitHub Exploit DB Packet Storm
289 -
7.5 		HIGH Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly … CWE-416
 Use After Free 		CVE-2015-1351 cpe:2.3:a:php:php:*:*
5.6.0

5.5.24
5.6.8 		2024-11-21 11:25
2015-03-30 		Show GitHub Exploit DB Packet Storm
290 -
7.5 		HIGH Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialize… NVD-CWE-Other
CVE-2015-0273 cpe:2.3:a:php:php:5.6.5:*
cpe:2.3:a:php:php:5.6.4:*
cpe:2.3:a:php:php:5.6.3:*
cpe:2.3:a:php:php:5.6.2:*
cpe… 		5.4.37 2024-11-21 11:22
2015-03-30 		Show GitHub Exploit DB Packet Storm