Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
PHP Number Of NVD 689 CRITICAL 119 HIGH 257 MEDIUM 287 LOW 26
URL https://www.php.net/
Explanation It is an open source programming language used around the world as a development language for web applications.
It is developed by "The PHP Group" and is used in many open source web applications such as WordPress and Xoops.
Today, it can be used as a general-purpose scripting language for applications other than web applications.
It is a popular language among programming beginners because it is easy to learn.

It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Add Information URL
No Type Name URL
1 https://www.php.net/supported-versions.php
2 https://www.php.net/downloads.php
3 https://www.php.net/eol.php
4 https://github.com/php/php-src
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
491 PHP8.3 8.3.28 Nov. 20, 2025 June 6, 2024 Dec. 31, 2025 Dec. 31, 2027 2 3 2 0
492 PHP8.2 8.2.29 July 3, 2025 Dec. 8, 2022 Dec. 31, 2024 Dec. 31, 2026 3 6 4 0
493 PHP8.1 8.1.33 July 3, 2025 Nov. 25, 2021 Nov. 25, 2023 Nov. 25, 2024 6 10 6 0
494 PHP8.0 8.0.30 Aug. 3, 2023 Nov. 26, 2020 Nov. 26, 2022 Nov. 26, 2023 6 9 11 0
495 PHP7.4 7.4.33 Nov. 3, 2022 Nov. 28, 2019 Nov. 28, 2021 Nov. 28, 2022 9 10 19 1
496 PHP7.3 7.3.33 Nov. 18, 2021 Dec. 6, 2018 Dec. 6, 2020 Dec. 6, 2021 19 17 21 1
497 PHP7.2 7.2.34 Oct. 1, 2020 Nov. 30, 2017 Nov. 30, 2019 Nov. 30, 2020 20 21 21 1
498 PHP7.1 7.1.33 Dec. 1, 2019 Dec. 1, 2016 Dec. 1, 2018 Dec. 1, 2019 30 36 10 0
499 PHP7.0 7.0.33 Dec. 6, 2018 Dec. 3, 2015 Dec. 3, 2017 Dec. 3, 2018 76 60 14 0
500 PHP5.6 5.6.40 Dec. 31, 2018 Aug. 28, 2014 Jan. 19, 2017 Dec. 31, 2018 77 95 41 1
501 PHP6.0 6.0 Jan. 1, 2000 4 8 5 0
502 PHP5.6 5.6.9 Jan. 1, 2000 77 95 41 1
503 PHP5.5 5.5.9 Jan. 1, 2000 72 98 67 3
504 PHP5.4 5.4.9 Jan. 1, 2000 61 103 74 4
505 PHP5.3 5.3.9 Jan. 1, 2000 62 110 134 4
506 PHP5.2 5.2.9 Jan. 1, 2000 63 156 184 7
507 PHP5.1 5.1.6 Jan. 1, 2000 63 150 150 19
508 PHP5.0 5.0.5 Jan. 1, 2000 63 154 157 14
509 PHP4.4 4.4.9 Jan. 1, 2000 62 149 164 20
510 PHP4.3 4.3.9 Jan. 1, 2000 62 158 164 15
511 PHP4.2 4.2.4 Jan. 1, 2000 62 157 166 15
512 PHP4.1 4.1.3 Jan. 1, 2000 62 159 163 15
513 PHP4.0 4.0.7 Jan. 1, 2000 62 161 168 17
514 PHP3.0 3.0.9 Jan. 1, 2000 61 136 140 6
515 PHP2.0b10 2.0b10 Jan. 1, 2000 61 124 132 6
516 PHP2.0 2.0.2 Jan. 1, 2000 61 124 132 6
517 PHP1.5 1.5 Jan. 1, 2000 61 120 131 6
518 PHP1.4 1.4 Jan. 1, 2000 61 120 131 6
519 PHP1.3 1.3.5 Jan. 1, 2000 61 120 131 6
520 PHP1.2 1.2.5 Jan. 1, 2000 61 120 131 6
521 PHP1.1 1.1.1 Jan. 1, 2000 61 120 131 6
522 PHP1.0 1.0.4 Jan. 1, 2000 61 124 132 6
523 PHP0.91 0.91 Jan. 1, 2000 61 120 131 6
524 PHP0.90 0.90 Jan. 1, 2000 61 120 131 6
525 PHP0.9 0.9.4 Jan. 1, 2000 61 120 131 6
526 PHP0.7 0.7 Jan. 1, 2000 61 120 131 6
527 PHP0.6 0.6 Jan. 1, 2000 61 120 131 6
528 PHP0.5 0.5.3 Jan. 1, 2000 61 120 131 6
529 PHP0.4 0.4 Jan. 1, 2000 61 120 131 6
530 PHP0.3 0.3 Jan. 1, 2000 61 120 131 6
531 PHP0.2 0.2.4 Jan. 1, 2000 61 120 131 6
532 PHP0.11 0.11 Jan. 1, 2000 61 120 131 6
533 PHP0.10 0.10 Jan. 1, 2000 61 120 131 6
534 PHP0.1 0.1.1 Jan. 1, 2000 61 120 131 6
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
491 -
5.0 		MEDIUM SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows remote attackers to obtain sensitive information via an certain link_date parameter to events.php, which reveals the path in an erro… CWE-20
 Improper Input Validation  		CVE-2007-5128 cpe:2.3:a:php:php:*:* 5.0.0 2026-04-23 09:35
2007-09-28 		Show GitHub Exploit DB Packet Storm
492 -
6.8 		MEDIUM The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, … NVD-CWE-Other
CVE-2007-4889 cpe:2.3:a:php:php:*:* 5.2.4 2026-04-23 09:35
2007-09-14 		Show GitHub Exploit DB Packet Storm
493 -
4.3 		MEDIUM The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage… CWE-20
 Improper Input Validation  		CVE-2007-4887 cpe:2.3:a:php:php:*:* 5.2.4 2026-04-23 09:35
2007-09-14 		Show GitHub Exploit DB Packet Storm
494 -
5.0 		MEDIUM PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in… CWE-20
 Improper Input Validation  		CVE-2007-4840 cpe:2.3:a:php:php:*:* 5.2.4 2026-04-23 09:35
2007-09-13 		Show GitHub Exploit DB Packet Storm
495 -
7.5 		HIGH Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function. CWE-22
Path Traversal 		CVE-2007-4825 cpe:2.3:a:php:php:*:* 5.2.3 2026-04-23 09:35
2007-09-12 		Show GitHub Exploit DB Packet Storm
496 -
5.0 		MEDIUM PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the s… CWE-94
Code Injection 		CVE-2007-4782 cpe:2.3:a:php:php:*:* 5.2.3 2026-04-23 09:35
2007-09-11 		Show GitHub Exploit DB Packet Storm
497 -
5.0 		MEDIUM The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also re… CWE-20
 Improper Input Validation  		CVE-2007-4783 cpe:2.3:a:php:php:*:* 5.2.4 2026-04-23 09:35
2007-09-11 		Show GitHub Exploit DB Packet Storm
498 -
5.0 		MEDIUM The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter. NOTE: this might not be a vu… CWE-20
 Improper Input Validation  		CVE-2007-4784 cpe:2.3:a:php:php:*:* 5.2.3 2026-04-23 09:35
2007-09-11 		Show GitHub Exploit DB Packet Storm
499 -
5.0 		MEDIUM Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285. NVD-CWE-noinfo
CVE-2007-4670 cpe:2.3:a:php:php:*:* 5.2.3 2026-04-23 09:35
2007-09-5 		Show GitHub Exploit DB Packet Storm
500 -
7.5 		HIGH Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a la… CWE-119
CWE-189
Incorrect Access of Indexable Resource ('Range Error') 
Numeric Errors 		CVE-2007-4657 cpe:2.3:a:php:php:*:* 4.0.0
5.0.0

4.4.8
5.2.4 		2026-04-23 09:35
2007-09-5 		Show GitHub Exploit DB Packet Storm