Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
PHP Number Of NVD 689 CRITICAL 119 HIGH 257 MEDIUM 287 LOW 26
URL https://www.php.net/
Explanation It is an open source programming language used around the world as a development language for web applications.
It is developed by "The PHP Group" and is used in many open source web applications such as WordPress and Xoops.
Today, it can be used as a general-purpose scripting language for applications other than web applications.
It is a popular language among programming beginners because it is easy to learn.

It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Add Information URL
No Type Name URL
1 https://www.php.net/supported-versions.php
2 https://www.php.net/downloads.php
3 https://www.php.net/eol.php
4 https://github.com/php/php-src
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
311 PHP8.3 8.3.28 Nov. 20, 2025 June 6, 2024 Dec. 31, 2025 Dec. 31, 2027 2 3 2 0
312 PHP8.2 8.2.29 July 3, 2025 Dec. 8, 2022 Dec. 31, 2024 Dec. 31, 2026 3 6 4 0
313 PHP8.1 8.1.33 July 3, 2025 Nov. 25, 2021 Nov. 25, 2023 Nov. 25, 2024 6 10 6 0
314 PHP8.0 8.0.30 Aug. 3, 2023 Nov. 26, 2020 Nov. 26, 2022 Nov. 26, 2023 6 9 11 0
315 PHP7.4 7.4.33 Nov. 3, 2022 Nov. 28, 2019 Nov. 28, 2021 Nov. 28, 2022 9 10 19 1
316 PHP7.3 7.3.33 Nov. 18, 2021 Dec. 6, 2018 Dec. 6, 2020 Dec. 6, 2021 19 17 21 1
317 PHP7.2 7.2.34 Oct. 1, 2020 Nov. 30, 2017 Nov. 30, 2019 Nov. 30, 2020 20 21 21 1
318 PHP7.1 7.1.33 Dec. 1, 2019 Dec. 1, 2016 Dec. 1, 2018 Dec. 1, 2019 30 36 10 0
319 PHP7.0 7.0.33 Dec. 6, 2018 Dec. 3, 2015 Dec. 3, 2017 Dec. 3, 2018 76 60 14 0
320 PHP5.6 5.6.40 Dec. 31, 2018 Aug. 28, 2014 Jan. 19, 2017 Dec. 31, 2018 77 95 41 1
321 PHP6.0 6.0 Jan. 1, 2000 4 8 5 0
322 PHP5.6 5.6.9 Jan. 1, 2000 77 95 41 1
323 PHP5.5 5.5.9 Jan. 1, 2000 72 98 67 3
324 PHP5.4 5.4.9 Jan. 1, 2000 61 103 74 4
325 PHP5.3 5.3.9 Jan. 1, 2000 62 110 134 4
326 PHP5.2 5.2.9 Jan. 1, 2000 63 156 184 7
327 PHP5.1 5.1.6 Jan. 1, 2000 63 150 150 19
328 PHP5.0 5.0.5 Jan. 1, 2000 63 154 157 14
329 PHP4.4 4.4.9 Jan. 1, 2000 62 149 164 20
330 PHP4.3 4.3.9 Jan. 1, 2000 62 158 164 15
331 PHP4.2 4.2.4 Jan. 1, 2000 62 157 166 15
332 PHP4.1 4.1.3 Jan. 1, 2000 62 159 163 15
333 PHP4.0 4.0.7 Jan. 1, 2000 62 161 168 17
334 PHP3.0 3.0.9 Jan. 1, 2000 61 136 140 6
335 PHP2.0b10 2.0b10 Jan. 1, 2000 61 124 132 6
336 PHP2.0 2.0.2 Jan. 1, 2000 61 124 132 6
337 PHP1.5 1.5 Jan. 1, 2000 61 120 131 6
338 PHP1.4 1.4 Jan. 1, 2000 61 120 131 6
339 PHP1.3 1.3.5 Jan. 1, 2000 61 120 131 6
340 PHP1.2 1.2.5 Jan. 1, 2000 61 120 131 6
341 PHP1.1 1.1.1 Jan. 1, 2000 61 120 131 6
342 PHP1.0 1.0.4 Jan. 1, 2000 61 124 132 6
343 PHP0.91 0.91 Jan. 1, 2000 61 120 131 6
344 PHP0.90 0.90 Jan. 1, 2000 61 120 131 6
345 PHP0.9 0.9.4 Jan. 1, 2000 61 120 131 6
346 PHP0.7 0.7 Jan. 1, 2000 61 120 131 6
347 PHP0.6 0.6 Jan. 1, 2000 61 120 131 6
348 PHP0.5 0.5.3 Jan. 1, 2000 61 120 131 6
349 PHP0.4 0.4 Jan. 1, 2000 61 120 131 6
350 PHP0.3 0.3 Jan. 1, 2000 61 120 131 6
351 PHP0.2 0.2.4 Jan. 1, 2000 61 120 131 6
352 PHP0.11 0.11 Jan. 1, 2000 61 120 131 6
353 PHP0.10 0.10 Jan. 1, 2000 61 120 131 6
354 PHP0.1 0.1.1 Jan. 1, 2000 61 120 131 6
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
311 -
4.3 		MEDIUM Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause… CWE-189
Numeric Errors 		CVE-2014-3587 cpe:2.3:a:php:php:5.5.9:*
cpe:2.3:a:php:php:5.5.8:*
cpe:2.3:a:php:php:5.5.7:*
cpe:2.3:a:php:php:5.5.6:*
cpe… 		5.4.31 2024-11-21 11:08
2014-08-23 		Show GitHub Exploit DB Packet Storm
312 -
4.6 		MEDIUM Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impac… NVD-CWE-Other
CVE-2014-4698 cpe:2.3:a:php:php:*:* 5.4.0
5.5.0

5.4.32
5.5.15 		2024-11-21 11:10
2014-07-10 		Show GitHub Exploit DB Packet Storm
313 -
4.6 		MEDIUM Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impa… NVD-CWE-Other
CVE-2014-4670 cpe:2.3:a:php:php:5.5.9:*
cpe:2.3:a:php:php:5.5.8:*
cpe:2.3:a:php:php:5.5.7:*
cpe:2.3:a:php:php:5.5.6:*
cpe… 		5.5.14 2024-11-21 11:10
2014-07-10 		Show GitHub Exploit DB Packet Storm
314 -
7.5 		HIGH The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers … NVD-CWE-noinfo
CVE-2014-3515 cpe:2.3:a:php:php:*:* 5.5.0
5.4.0



5.5.14
5.4.30
5.3.29 		2024-11-21 11:08
2014-07-9 		Show GitHub Exploit DB Packet Storm
315 -
4.3 		MEDIUM The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remot… CWE-20
 Improper Input Validation  		CVE-2014-3487 cpe:2.3:a:php:php:*:* 5.5.0
5.4.0



5.5.14
5.4.30
5.3.29 		2024-11-21 11:08
2014-07-9 		Show GitHub Exploit DB Packet Storm
316 -
4.3 		MEDIUM The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows r… NVD-CWE-noinfo
CVE-2014-3480 cpe:2.3:a:php:php:*:* 5.5.0
5.4.0



5.5.14
5.4.30
5.3.29 		2024-11-21 11:08
2014-07-9 		Show GitHub Exploit DB Packet Storm
317 -
4.3 		MEDIUM The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows r… NVD-CWE-noinfo
CVE-2014-3479 cpe:2.3:a:php:php:*:* 5.5.0
5.4.0



5.5.14
5.4.30
5.3.29 		2024-11-21 11:08
2014-07-9 		Show GitHub Exploit DB Packet Storm
318 -
5.0 		MEDIUM Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial … CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2014-3478 cpe:2.3:a:php:php:5.5.9:*
cpe:2.3:a:php:php:5.5.8:*
cpe:2.3:a:php:php:5.5.7:*
cpe:2.3:a:php:php:5.5.6:*
cpe… 		5.4.29 2024-11-21 11:08
2014-07-9 		Show GitHub Exploit DB Packet Storm
319 -
4.3 		MEDIUM The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (… CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2014-0207 cpe:2.3:a:php:php:*:* 5.5.0
5.4.0



5.5.14
5.4.30
5.3.29 		2024-11-21 11:01
2014-07-9 		Show GitHub Exploit DB Packet Storm
320 -
2.6 		LOW The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_S… CWE-200
Information Exposure 		CVE-2014-4721 cpe:2.3:a:php:php:*:* 5.5.0
5.4.0
5.3.0



5.5.14
5.4.30
5.3.29 		2024-11-21 11:10
2014-07-7 		Show GitHub Exploit DB Packet Storm