Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
PHP Number Of NVD 689 CRITICAL 119 HIGH 257 MEDIUM 287 LOW 26
URL https://www.php.net/
Explanation It is an open source programming language used around the world as a development language for web applications.
It is developed by "The PHP Group" and is used in many open source web applications such as WordPress and Xoops.
Today, it can be used as a general-purpose scripting language for applications other than web applications.
It is a popular language among programming beginners because it is easy to learn.

It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Add Information URL
No Type Name URL
1 https://www.php.net/supported-versions.php
2 https://www.php.net/downloads.php
3 https://www.php.net/eol.php
4 https://github.com/php/php-src
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
291 PHP8.3 8.3.28 Nov. 20, 2025 June 6, 2024 Dec. 31, 2025 Dec. 31, 2027 2 3 2 0
292 PHP8.2 8.2.29 July 3, 2025 Dec. 8, 2022 Dec. 31, 2024 Dec. 31, 2026 3 6 4 0
293 PHP8.1 8.1.33 July 3, 2025 Nov. 25, 2021 Nov. 25, 2023 Nov. 25, 2024 6 10 6 0
294 PHP8.0 8.0.30 Aug. 3, 2023 Nov. 26, 2020 Nov. 26, 2022 Nov. 26, 2023 6 9 11 0
295 PHP7.4 7.4.33 Nov. 3, 2022 Nov. 28, 2019 Nov. 28, 2021 Nov. 28, 2022 9 10 19 1
296 PHP7.3 7.3.33 Nov. 18, 2021 Dec. 6, 2018 Dec. 6, 2020 Dec. 6, 2021 19 17 21 1
297 PHP7.2 7.2.34 Oct. 1, 2020 Nov. 30, 2017 Nov. 30, 2019 Nov. 30, 2020 20 21 21 1
298 PHP7.1 7.1.33 Dec. 1, 2019 Dec. 1, 2016 Dec. 1, 2018 Dec. 1, 2019 30 36 10 0
299 PHP7.0 7.0.33 Dec. 6, 2018 Dec. 3, 2015 Dec. 3, 2017 Dec. 3, 2018 76 60 14 0
300 PHP5.6 5.6.40 Dec. 31, 2018 Aug. 28, 2014 Jan. 19, 2017 Dec. 31, 2018 77 95 41 1
301 PHP6.0 6.0 Jan. 1, 2000 4 8 5 0
302 PHP5.6 5.6.9 Jan. 1, 2000 77 95 41 1
303 PHP5.5 5.5.9 Jan. 1, 2000 72 98 67 3
304 PHP5.4 5.4.9 Jan. 1, 2000 61 103 74 4
305 PHP5.3 5.3.9 Jan. 1, 2000 62 110 134 4
306 PHP5.2 5.2.9 Jan. 1, 2000 63 156 184 7
307 PHP5.1 5.1.6 Jan. 1, 2000 63 150 150 19
308 PHP5.0 5.0.5 Jan. 1, 2000 63 154 157 14
309 PHP4.4 4.4.9 Jan. 1, 2000 62 149 164 20
310 PHP4.3 4.3.9 Jan. 1, 2000 62 158 164 15
311 PHP4.2 4.2.4 Jan. 1, 2000 62 157 166 15
312 PHP4.1 4.1.3 Jan. 1, 2000 62 159 163 15
313 PHP4.0 4.0.7 Jan. 1, 2000 62 161 168 17
314 PHP3.0 3.0.9 Jan. 1, 2000 61 136 140 6
315 PHP2.0b10 2.0b10 Jan. 1, 2000 61 124 132 6
316 PHP2.0 2.0.2 Jan. 1, 2000 61 124 132 6
317 PHP1.5 1.5 Jan. 1, 2000 61 120 131 6
318 PHP1.4 1.4 Jan. 1, 2000 61 120 131 6
319 PHP1.3 1.3.5 Jan. 1, 2000 61 120 131 6
320 PHP1.2 1.2.5 Jan. 1, 2000 61 120 131 6
321 PHP1.1 1.1.1 Jan. 1, 2000 61 120 131 6
322 PHP1.0 1.0.4 Jan. 1, 2000 61 124 132 6
323 PHP0.91 0.91 Jan. 1, 2000 61 120 131 6
324 PHP0.90 0.90 Jan. 1, 2000 61 120 131 6
325 PHP0.9 0.9.4 Jan. 1, 2000 61 120 131 6
326 PHP0.7 0.7 Jan. 1, 2000 61 120 131 6
327 PHP0.6 0.6 Jan. 1, 2000 61 120 131 6
328 PHP0.5 0.5.3 Jan. 1, 2000 61 120 131 6
329 PHP0.4 0.4 Jan. 1, 2000 61 120 131 6
330 PHP0.3 0.3 Jan. 1, 2000 61 120 131 6
331 PHP0.2 0.2.4 Jan. 1, 2000 61 120 131 6
332 PHP0.11 0.11 Jan. 1, 2000 61 120 131 6
333 PHP0.10 0.10 Jan. 1, 2000 61 120 131 6
334 PHP0.1 0.1.1 Jan. 1, 2000 61 120 131 6
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
291 -
5.0 		MEDIUM The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and applicati… CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2014-9709 cpe:2.3:a:php:php:*:* 5.5.0
5.6.0
5.4.0



5.5.21
5.6.5
5.4.40 		2024-11-21 11:21
2015-03-30 		Show GitHub Exploit DB Packet Storm
292 -
7.5 		HIGH Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute ar… CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2014-9705 cpe:2.3:a:php:php:5.6.5:*
cpe:2.3:a:php:php:5.6.4:*
cpe:2.3:a:php:php:5.6.3:*
cpe:2.3:a:php:php:5.6.2:*
cpe… 		5.4.37 2024-11-21 11:21
2015-03-30 		Show GitHub Exploit DB Packet Storm
293 -
7.5 		HIGH readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of … CWE-20
 Improper Input Validation  		CVE-2014-9653 cpe:2.3:a:php:php:5.6.4:*
cpe:2.3:a:php:php:5.6.3:*
cpe:2.3:a:php:php:5.6.2:*
cpe:2.3:a:php:php:5.6.1:*
cpe… 		5.4.36 2024-11-21 11:21
2015-03-30 		Show GitHub Exploit DB Packet Storm
294 -
5.0 		MEDIUM The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain strin… CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2014-9652 cpe:2.3:a:php:php:5.6.4:*
cpe:2.3:a:php:php:5.6.3:*
cpe:2.3:a:php:php:5.6.2:*
cpe:2.3:a:php:php:5.6.1:*
cpe… 		5.4.36 2024-11-21 11:21
2015-03-30 		Show GitHub Exploit DB Packet Storm
295 -
4.6 		MEDIUM The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL … CWE-74
Injection 		CVE-2013-6501 cpe:2.3:a:php:php:*:* 5.6.7 2024-11-21 10:59
2015-03-30 		Show GitHub Exploit DB Packet Storm
296 -
10.0 		HIGH Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors relate… CWE-787
 Out-of-bounds Write 		CVE-2015-0235 cpe:2.3:a:php:php:*:* 5.5.0
5.6.0
5.4.0



5.5.22
5.6.6
5.4.38 		2024-11-21 11:22
2015-01-29 		Show GitHub Exploit DB Packet Storm
297 -
6.8 		MEDIUM The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (… NVD-CWE-Other
CVE-2015-0232 cpe:2.3:a:php:php:5.6.4:*
cpe:2.3:a:php:php:5.6.3:*
cpe:2.3:a:php:php:5.6.2:*
cpe:2.3:a:php:php:5.6.1:*
cpe… 		5.4.36 2024-11-21 11:22
2015-01-28 		Show GitHub Exploit DB Packet Storm
298 -
7.5 		HIGH Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execu… NVD-CWE-Other
CVE-2015-0231 cpe:2.3:a:php:php:5.6.4:*
cpe:2.3:a:php:php:5.6.3:*
cpe:2.3:a:php:php:5.6.2:*
cpe:2.3:a:php:php:5.6.1:*
cpe… 		5.4.36 2024-11-21 11:22
2015-01-28 		Show GitHub Exploit DB Packet Storm
299 -
7.5 		HIGH sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length d… CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2014-9427 cpe:2.3:a:php:php:5.6.4:*
cpe:2.3:a:php:php:5.6.3:*
cpe:2.3:a:php:php:5.6.2:*
cpe:2.3:a:php:php:5.6.0:beta4 		2024-11-21 11:20
2015-01-3 		Show GitHub Exploit DB Packet Storm
300 -
7.5 		HIGH The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attacke… CWE-17
Code 		CVE-2014-9426 cpe:2.3:a:php:php:*:* 5.6.4 2024-11-21 11:20
2014-12-31 		Show GitHub Exploit DB Packet Storm