Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
PHP Number Of NVD 689 CRITICAL 119 HIGH 257 MEDIUM 287 LOW 26
URL https://www.php.net/
Explanation It is an open source programming language used around the world as a development language for web applications.
It is developed by "The PHP Group" and is used in many open source web applications such as WordPress and Xoops.
Today, it can be used as a general-purpose scripting language for applications other than web applications.
It is a popular language among programming beginners because it is easy to learn.

It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Add Information URL
No Type Name URL
1 https://www.php.net/supported-versions.php
2 https://www.php.net/downloads.php
3 https://www.php.net/eol.php
4 https://github.com/php/php-src
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
511 PHP8.3 8.3.28 Nov. 20, 2025 June 6, 2024 Dec. 31, 2025 Dec. 31, 2027 2 3 2 0
512 PHP8.2 8.2.29 July 3, 2025 Dec. 8, 2022 Dec. 31, 2024 Dec. 31, 2026 3 6 4 0
513 PHP8.1 8.1.33 July 3, 2025 Nov. 25, 2021 Nov. 25, 2023 Nov. 25, 2024 6 10 6 0
514 PHP8.0 8.0.30 Aug. 3, 2023 Nov. 26, 2020 Nov. 26, 2022 Nov. 26, 2023 6 9 11 0
515 PHP7.4 7.4.33 Nov. 3, 2022 Nov. 28, 2019 Nov. 28, 2021 Nov. 28, 2022 9 10 19 1
516 PHP7.3 7.3.33 Nov. 18, 2021 Dec. 6, 2018 Dec. 6, 2020 Dec. 6, 2021 19 17 21 1
517 PHP7.2 7.2.34 Oct. 1, 2020 Nov. 30, 2017 Nov. 30, 2019 Nov. 30, 2020 20 21 21 1
518 PHP7.1 7.1.33 Dec. 1, 2019 Dec. 1, 2016 Dec. 1, 2018 Dec. 1, 2019 30 36 10 0
519 PHP7.0 7.0.33 Dec. 6, 2018 Dec. 3, 2015 Dec. 3, 2017 Dec. 3, 2018 76 60 14 0
520 PHP5.6 5.6.40 Dec. 31, 2018 Aug. 28, 2014 Jan. 19, 2017 Dec. 31, 2018 77 95 41 1
521 PHP6.0 6.0 Jan. 1, 2000 4 8 5 0
522 PHP5.6 5.6.9 Jan. 1, 2000 77 95 41 1
523 PHP5.5 5.5.9 Jan. 1, 2000 72 98 67 3
524 PHP5.4 5.4.9 Jan. 1, 2000 61 103 74 4
525 PHP5.3 5.3.9 Jan. 1, 2000 62 110 134 4
526 PHP5.2 5.2.9 Jan. 1, 2000 63 156 184 7
527 PHP5.1 5.1.6 Jan. 1, 2000 63 150 150 19
528 PHP5.0 5.0.5 Jan. 1, 2000 63 154 157 14
529 PHP4.4 4.4.9 Jan. 1, 2000 62 149 164 20
530 PHP4.3 4.3.9 Jan. 1, 2000 62 158 164 15
531 PHP4.2 4.2.4 Jan. 1, 2000 62 157 166 15
532 PHP4.1 4.1.3 Jan. 1, 2000 62 159 163 15
533 PHP4.0 4.0.7 Jan. 1, 2000 62 161 168 17
534 PHP3.0 3.0.9 Jan. 1, 2000 61 136 140 6
535 PHP2.0b10 2.0b10 Jan. 1, 2000 61 124 132 6
536 PHP2.0 2.0.2 Jan. 1, 2000 61 124 132 6
537 PHP1.5 1.5 Jan. 1, 2000 61 120 131 6
538 PHP1.4 1.4 Jan. 1, 2000 61 120 131 6
539 PHP1.3 1.3.5 Jan. 1, 2000 61 120 131 6
540 PHP1.2 1.2.5 Jan. 1, 2000 61 120 131 6
541 PHP1.1 1.1.1 Jan. 1, 2000 61 120 131 6
542 PHP1.0 1.0.4 Jan. 1, 2000 61 124 132 6
543 PHP0.91 0.91 Jan. 1, 2000 61 120 131 6
544 PHP0.90 0.90 Jan. 1, 2000 61 120 131 6
545 PHP0.9 0.9.4 Jan. 1, 2000 61 120 131 6
546 PHP0.7 0.7 Jan. 1, 2000 61 120 131 6
547 PHP0.6 0.6 Jan. 1, 2000 61 120 131 6
548 PHP0.5 0.5.3 Jan. 1, 2000 61 120 131 6
549 PHP0.4 0.4 Jan. 1, 2000 61 120 131 6
550 PHP0.3 0.3 Jan. 1, 2000 61 120 131 6
551 PHP0.2 0.2.4 Jan. 1, 2000 61 120 131 6
552 PHP0.11 0.11 Jan. 1, 2000 61 120 131 6
553 PHP0.10 0.10 Jan. 1, 2000 61 120 131 6
554 PHP0.1 0.1.1 Jan. 1, 2000 61 120 131 6
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
511 -
7.5 		HIGH The perl extension in PHP does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code via the Perl eval function. NOTE: this might only be a vulnerabil… CWE-94
Code Injection 		CVE-2007-4596 cpe:2.3:a:php:php:-:* 2026-04-23 09:35
2007-08-31 		Show GitHub Exploit DB Packet Storm
512 -
7.5 		HIGH Multiple buffer overflows in php_iisfunc.dll in the iisfunc extension for PHP 5.2.0 and earlier allow context-dependent attackers to execute arbitrary code, probably during Unicode conversion, as dem… CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2007-4586 cpe:2.3:a:php:php:*:* 5.2.0 2026-04-23 09:35
2007-08-29 		Show GitHub Exploit DB Packet Storm
513 -
4.3 		MEDIUM The Foreign Function Interface (ffi) extension in PHP 5.0.5 does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code by loading an arbitrary DLL and … NVD-CWE-Other
CVE-2007-4528 cpe:2.3:a:php:php:5.0.5:* 2026-04-23 09:35
2007-08-25 		Show GitHub Exploit DB Packet Storm
514 -
6.8 		MEDIUM Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 allow context-dependent attackers to cause a denial of service or execute arbitrary code via long arguments to the (1) ntuser_getus… NVD-CWE-Other
CVE-2007-4507 cpe:2.3:a:php:php:5.2.3:* 2026-04-23 09:35
2007-08-24 		Show GitHub Exploit DB Packet Storm
515 -
4.6 		MEDIUM Buffer overflow in php_win32std.dll in the win32std extension for PHP 5.2.0 and earlier allows context-dependent attackers to execute arbitrary code via a long string in the filename argument to the … NVD-CWE-Other
CVE-2007-4441 cpe:2.3:a:php:php:*:* 5.2.0 2026-04-23 09:35
2007-08-21 		Show GitHub Exploit DB Packet Storm
516 -
7.5 		HIGH Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long first argument to the msql_connect function. NVD-CWE-Other
CVE-2007-4255 cpe:2.3:a:php:php:5.2.3:* 2026-04-23 09:35
2007-08-9 		Show GitHub Exploit DB Packet Storm
517 -
7.5 		HIGH Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this is… CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2007-4033 cpe:2.3:a:php:php:5.2.3:* 2026-04-23 09:35
2007-07-28 		Show GitHub Exploit DB Packet Storm
518 -
6.8 		MEDIUM The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function. NVD-CWE-Other
CVE-2007-4010 cpe:2.3:a:php:php:5.2.3:* 2026-04-23 09:35
2007-07-26 		Show GitHub Exploit DB Packet Storm
519 -
6.8 		MEDIUM The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to mem… CWE-20
CWE-399
 Improper Input Validation 
 Resource Management Errors 		CVE-2007-3806 cpe:2.3:a:php:php:5.2.3:* 2026-04-23 09:35
2007-07-17 		Show GitHub Exploit DB Packet Storm
520 -
4.3 		MEDIUM The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie … CWE-20
 Improper Input Validation  		CVE-2007-3799 cpe:2.3:a:php:php:5.2.3:*
cpe:2.3:a:php:php:5.2.2:*
cpe:2.3:a:php:php:5.2.1:*
cpe:2.3:a:php:php:5.2.14:*
cp… 		2026-04-23 09:35
2007-07-17 		Show GitHub Exploit DB Packet Storm