Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
PHP Number Of NVD 689 CRITICAL 119 HIGH 257 MEDIUM 287 LOW 26
URL https://www.php.net/
Explanation It is an open source programming language used around the world as a development language for web applications.
It is developed by "The PHP Group" and is used in many open source web applications such as WordPress and Xoops.
Today, it can be used as a general-purpose scripting language for applications other than web applications.
It is a popular language among programming beginners because it is easy to learn.

It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Add Information URL
No Type Name URL
1 https://www.php.net/supported-versions.php
2 https://www.php.net/downloads.php
3 https://www.php.net/eol.php
4 https://github.com/php/php-src
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
481 PHP8.3 8.3.28 Nov. 20, 2025 June 6, 2024 Dec. 31, 2025 Dec. 31, 2027 2 3 2 0
482 PHP8.2 8.2.29 July 3, 2025 Dec. 8, 2022 Dec. 31, 2024 Dec. 31, 2026 3 6 4 0
483 PHP8.1 8.1.33 July 3, 2025 Nov. 25, 2021 Nov. 25, 2023 Nov. 25, 2024 6 10 6 0
484 PHP8.0 8.0.30 Aug. 3, 2023 Nov. 26, 2020 Nov. 26, 2022 Nov. 26, 2023 6 9 11 0
485 PHP7.4 7.4.33 Nov. 3, 2022 Nov. 28, 2019 Nov. 28, 2021 Nov. 28, 2022 9 10 19 1
486 PHP7.3 7.3.33 Nov. 18, 2021 Dec. 6, 2018 Dec. 6, 2020 Dec. 6, 2021 19 17 21 1
487 PHP7.2 7.2.34 Oct. 1, 2020 Nov. 30, 2017 Nov. 30, 2019 Nov. 30, 2020 20 21 21 1
488 PHP7.1 7.1.33 Dec. 1, 2019 Dec. 1, 2016 Dec. 1, 2018 Dec. 1, 2019 30 36 10 0
489 PHP7.0 7.0.33 Dec. 6, 2018 Dec. 3, 2015 Dec. 3, 2017 Dec. 3, 2018 76 60 14 0
490 PHP5.6 5.6.40 Dec. 31, 2018 Aug. 28, 2014 Jan. 19, 2017 Dec. 31, 2018 77 95 41 1
491 PHP6.0 6.0 Jan. 1, 2000 4 8 5 0
492 PHP5.6 5.6.9 Jan. 1, 2000 77 95 41 1
493 PHP5.5 5.5.9 Jan. 1, 2000 72 98 67 3
494 PHP5.4 5.4.9 Jan. 1, 2000 61 103 74 4
495 PHP5.3 5.3.9 Jan. 1, 2000 62 110 134 4
496 PHP5.2 5.2.9 Jan. 1, 2000 63 156 184 7
497 PHP5.1 5.1.6 Jan. 1, 2000 63 150 150 19
498 PHP5.0 5.0.5 Jan. 1, 2000 63 154 157 14
499 PHP4.4 4.4.9 Jan. 1, 2000 62 149 164 20
500 PHP4.3 4.3.9 Jan. 1, 2000 62 158 164 15
501 PHP4.2 4.2.4 Jan. 1, 2000 62 157 166 15
502 PHP4.1 4.1.3 Jan. 1, 2000 62 159 163 15
503 PHP4.0 4.0.7 Jan. 1, 2000 62 161 168 17
504 PHP3.0 3.0.9 Jan. 1, 2000 61 136 140 6
505 PHP2.0b10 2.0b10 Jan. 1, 2000 61 124 132 6
506 PHP2.0 2.0.2 Jan. 1, 2000 61 124 132 6
507 PHP1.5 1.5 Jan. 1, 2000 61 120 131 6
508 PHP1.4 1.4 Jan. 1, 2000 61 120 131 6
509 PHP1.3 1.3.5 Jan. 1, 2000 61 120 131 6
510 PHP1.2 1.2.5 Jan. 1, 2000 61 120 131 6
511 PHP1.1 1.1.1 Jan. 1, 2000 61 120 131 6
512 PHP1.0 1.0.4 Jan. 1, 2000 61 124 132 6
513 PHP0.91 0.91 Jan. 1, 2000 61 120 131 6
514 PHP0.90 0.90 Jan. 1, 2000 61 120 131 6
515 PHP0.9 0.9.4 Jan. 1, 2000 61 120 131 6
516 PHP0.7 0.7 Jan. 1, 2000 61 120 131 6
517 PHP0.6 0.6 Jan. 1, 2000 61 120 131 6
518 PHP0.5 0.5.3 Jan. 1, 2000 61 120 131 6
519 PHP0.4 0.4 Jan. 1, 2000 61 120 131 6
520 PHP0.3 0.3 Jan. 1, 2000 61 120 131 6
521 PHP0.2 0.2.4 Jan. 1, 2000 61 120 131 6
522 PHP0.11 0.11 Jan. 1, 2000 61 120 131 6
523 PHP0.10 0.10 Jan. 1, 2000 61 120 131 6
524 PHP0.1 0.1.1 Jan. 1, 2000 61 120 131 6
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
481 -
5.0 		MEDIUM Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width s… CWE-189
Numeric Errors 		CVE-2008-1384 cpe:2.3:a:php:php:*:* 5.2.5 2026-04-23 09:35
2008-03-28 		Show GitHub Exploit DB Packet Storm
482 -
5.0 		MEDIUM curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// r… CWE-264
Permissions, Privileges, and Access Controls 		CVE-2007-4850 cpe:2.3:a:php:php:5.2.5:*
cpe:2.3:a:php:php:5.2.4:* 		2026-04-23 09:35
2008-01-25 		Show GitHub Exploit DB Packet Storm
483 -
7.5 		HIGH Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-… CWE-264
NVD-CWE-noinfo
Permissions, Privileges, and Access Controls 		CVE-2008-0145 cpe:2.3:a:php:php:*:* 4.4.7 2026-04-23 09:35
2008-01-9 		Show GitHub Exploit DB Packet Storm
484 -
4.3 		MEDIUM The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive in… CWE-200
Information Exposure 		CVE-2007-5899 cpe:2.3:a:php:php:*:* 5.2.4 2026-04-23 09:35
2007-11-21 		Show GitHub Exploit DB Packet Storm
485 -
2.1 		LOW PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in (1) the domain parameter to the dgettext function, the message parameter… CWE-20
 Improper Input Validation  		CVE-2007-6039 cpe:2.3:a:php:php:*:* 5.2.4 2026-04-23 09:35
2007-11-21 		Show GitHub Exploit DB Packet Storm
486 -
6.4 		MEDIUM The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465. NVD-CWE-noinfo
CVE-2007-5898 cpe:2.3:a:php:php:*:* 5.2.4 2026-04-23 09:35
2007-11-21 		Show GitHub Exploit DB Packet Storm
487 -
6.9 		MEDIUM PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a … CWE-264
Permissions, Privileges, and Access Controls 		CVE-2007-5900 cpe:2.3:a:php:php:*:* 5.2.4 2026-04-23 09:35
2007-11-21 		Show GitHub Exploit DB Packet Storm
488 -
9.3 		HIGH The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, a… CWE-78
OS Command  		CVE-2007-5653 cpe:2.3:a:php:php:*:* 5.2.4 2026-04-23 09:35
2007-10-24 		Show GitHub Exploit DB Packet Storm
489 -
4.3 		MEDIUM ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended … CWE-264
Permissions, Privileges, and Access Controls 		CVE-2007-5447 cpe:2.3:a:php:php:5.2.4:* 2026-04-23 09:35
2007-10-15 		Show GitHub Exploit DB Packet Storm
490 -
7.5 		HIGH The disable_functions feature in PHP 4 and 5 allows attackers to bypass intended restrictions by using an alias, as demonstrated by using ini_alter when ini_set is disabled. NVD-CWE-Other
CVE-2007-5424 cpe:2.3:a:php:php:5.0.0:*
cpe:2.3:a:php:php:4.0:* 		2026-04-23 09:35
2007-10-13 		Show GitHub Exploit DB Packet Storm