Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
PHP Number Of NVD 689 CRITICAL 119 HIGH 257 MEDIUM 287 LOW 26
URL https://www.php.net/
Explanation It is an open source programming language used around the world as a development language for web applications.
It is developed by "The PHP Group" and is used in many open source web applications such as WordPress and Xoops.
Today, it can be used as a general-purpose scripting language for applications other than web applications.
It is a popular language among programming beginners because it is easy to learn.

It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Add Information URL
No Type Name URL
1 https://www.php.net/supported-versions.php
2 https://www.php.net/downloads.php
3 https://www.php.net/eol.php
4 https://github.com/php/php-src
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
21 PHP8.3 8.3.28 Nov. 20, 2025 June 6, 2024 Dec. 31, 2025 Dec. 31, 2027 2 3 2 0
22 PHP8.2 8.2.29 July 3, 2025 Dec. 8, 2022 Dec. 31, 2024 Dec. 31, 2026 3 6 4 0
23 PHP8.1 8.1.33 July 3, 2025 Nov. 25, 2021 Nov. 25, 2023 Nov. 25, 2024 6 10 6 0
24 PHP8.0 8.0.30 Aug. 3, 2023 Nov. 26, 2020 Nov. 26, 2022 Nov. 26, 2023 6 9 11 0
25 PHP7.4 7.4.33 Nov. 3, 2022 Nov. 28, 2019 Nov. 28, 2021 Nov. 28, 2022 9 10 19 1
26 PHP7.3 7.3.33 Nov. 18, 2021 Dec. 6, 2018 Dec. 6, 2020 Dec. 6, 2021 19 17 21 1
27 PHP7.2 7.2.34 Oct. 1, 2020 Nov. 30, 2017 Nov. 30, 2019 Nov. 30, 2020 20 21 21 1
28 PHP7.1 7.1.33 Dec. 1, 2019 Dec. 1, 2016 Dec. 1, 2018 Dec. 1, 2019 30 36 10 0
29 PHP7.0 7.0.33 Dec. 6, 2018 Dec. 3, 2015 Dec. 3, 2017 Dec. 3, 2018 76 60 14 0
30 PHP5.6 5.6.40 Dec. 31, 2018 Aug. 28, 2014 Jan. 19, 2017 Dec. 31, 2018 77 95 41 1
31 PHP6.0 6.0 Jan. 1, 2000 4 8 5 0
32 PHP5.6 5.6.9 Jan. 1, 2000 77 95 41 1
33 PHP5.5 5.5.9 Jan. 1, 2000 72 98 67 3
34 PHP5.4 5.4.9 Jan. 1, 2000 61 103 74 4
35 PHP5.3 5.3.9 Jan. 1, 2000 62 110 134 4
36 PHP5.2 5.2.9 Jan. 1, 2000 63 156 184 7
37 PHP5.1 5.1.6 Jan. 1, 2000 63 150 150 19
38 PHP5.0 5.0.5 Jan. 1, 2000 63 154 157 14
39 PHP4.4 4.4.9 Jan. 1, 2000 62 149 164 20
40 PHP4.3 4.3.9 Jan. 1, 2000 62 158 164 15
41 PHP4.2 4.2.4 Jan. 1, 2000 62 157 166 15
42 PHP4.1 4.1.3 Jan. 1, 2000 62 159 163 15
43 PHP4.0 4.0.7 Jan. 1, 2000 62 161 168 17
44 PHP3.0 3.0.9 Jan. 1, 2000 61 136 140 6
45 PHP2.0b10 2.0b10 Jan. 1, 2000 61 124 132 6
46 PHP2.0 2.0.2 Jan. 1, 2000 61 124 132 6
47 PHP1.5 1.5 Jan. 1, 2000 61 120 131 6
48 PHP1.4 1.4 Jan. 1, 2000 61 120 131 6
49 PHP1.3 1.3.5 Jan. 1, 2000 61 120 131 6
50 PHP1.2 1.2.5 Jan. 1, 2000 61 120 131 6
51 PHP1.1 1.1.1 Jan. 1, 2000 61 120 131 6
52 PHP1.0 1.0.4 Jan. 1, 2000 61 124 132 6
53 PHP0.91 0.91 Jan. 1, 2000 61 120 131 6
54 PHP0.90 0.90 Jan. 1, 2000 61 120 131 6
55 PHP0.9 0.9.4 Jan. 1, 2000 61 120 131 6
56 PHP0.7 0.7 Jan. 1, 2000 61 120 131 6
57 PHP0.6 0.6 Jan. 1, 2000 61 120 131 6
58 PHP0.5 0.5.3 Jan. 1, 2000 61 120 131 6
59 PHP0.4 0.4 Jan. 1, 2000 61 120 131 6
60 PHP0.3 0.3 Jan. 1, 2000 61 120 131 6
61 PHP0.2 0.2.4 Jan. 1, 2000 61 120 131 6
62 PHP0.11 0.11 Jan. 1, 2000 61 120 131 6
63 PHP0.10 0.10 Jan. 1, 2000 61 120 131 6
64 PHP0.1 0.1.1 Jan. 1, 2000 61 120 131 6
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
21 8.1
6.8 		HIGH
Network 		In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attemptin… CWE-763
 Release of Invalid Pointer or Reference 		CVE-2022-31625 cpe:2.3:a:php:php:*:* 8.1.0
8.0.0
7.4.0



8.1.7
8.0.20
7.4.30 		2024-11-21 16:04
2022-06-16 		Show GitHub Exploit DB Packet Storm
22 9.8
6.8 		CRITICAL
Network 		In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possib… CWE-416
 Use After Free 		CVE-2021-21708 cpe:2.3:a:php:php:*:* 8.1.0
8.0.0
7.4.0



8.1.3
8.0.16
7.4.28 		2024-11-21 14:48
2022-02-27 		Show GitHub Exploit DB Packet Storm
23 5.3
5.0 		MEDIUM
Network 		In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename cont… NVD-CWE-Other
CVE-2021-21707 cpe:2.3:a:php:php:*:* 8.0.0
7.4.0
7.3.0



8.0.13
7.4.26
7.3.33 		2024-11-21 14:48
2021-11-29 		Show GitHub Exploit DB Packet Storm
24 7.0
6.9 		HIGH
Local 		In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running … CWE-787
 Out-of-bounds Write 		CVE-2021-21703 cpe:2.3:a:php:php:*:* 7.3.0
7.4.0
8.0.0 		7.3.31


7.4.25
8.0.12 		2024-11-21 14:48
2021-10-25 		Show GitHub Exploit DB Packet Storm
25 6.5
4.3 		MEDIUM
Network 		In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when… CWE-22
Path Traversal 		CVE-2021-21706 cpe:2.3:a:php:php:*:* 7.3.0
7.4.0
8.0.0



7.3.31
7.4.24
8.0.11 		2024-11-21 14:48
2021-10-4 		Show GitHub Exploit DB Packet Storm
26 5.3
5.0 		MEDIUM
Network 		In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid… CWE-20
 Improper Input Validation  		CVE-2021-21705 cpe:2.3:a:php:php:*:* 8.0.0
7.4.0
7.3.0



8.0.8
7.4.21
7.3.29 		2024-11-21 14:48
2021-10-4 		Show GitHub Exploit DB Packet Storm
27 5.9
4.3 		MEDIUM
Network 		In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, … CWE-787
 Out-of-bounds Write 		CVE-2021-21704 cpe:2.3:a:php:php:*:* 8.0.0
7.4.0
7.3.0



8.0.8
7.4.21
7.3.29 		2024-11-21 14:48
2021-10-4 		Show GitHub Exploit DB Packet Storm
28 7.5
5.0 		HIGH
Network 		In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a respo… CWE-476
 NULL Pointer Dereference 		CVE-2021-21702 cpe:2.3:a:php:php:*:* 7.3.0
7.4.0
8.0.0



7.3.27
7.4.15
8.0.2 		2024-11-21 14:48
2021-02-15 		Show GitHub Exploit DB Packet Storm
29 5.3
5.0 		MEDIUM
Network 		In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid … CWE-20
 Improper Input Validation  		CVE-2020-7071 cpe:2.3:a:php:php:*:* 7.3.0
7.4.0
8.0.0



7.3.26
7.4.14
8.0.1 		2024-11-21 14:36
2021-02-15 		Show GitHub Exploit DB Packet Storm
30 5.3
5.0 		MEDIUM
Network 		In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with pref… CWE-565
 Reliance on Cookies without Validation and Integrity Checking 		CVE-2020-7070 cpe:2.3:a:php:php:*:* 7.4.0
7.3.0
7.2.0



7.4.11
7.3.23
7.2.34 		2024-11-21 14:36
2020-10-3 		Show GitHub Exploit DB Packet Storm