Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
PHP Number Of NVD 689 CRITICAL 119 HIGH 257 MEDIUM 287 LOW 26
URL https://www.php.net/
Explanation It is an open source programming language used around the world as a development language for web applications.
It is developed by "The PHP Group" and is used in many open source web applications such as WordPress and Xoops.
Today, it can be used as a general-purpose scripting language for applications other than web applications.
It is a popular language among programming beginners because it is easy to learn.

It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Add Information URL
No Type Name URL
1 https://www.php.net/supported-versions.php
2 https://www.php.net/downloads.php
3 https://www.php.net/eol.php
4 https://github.com/php/php-src
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
71 PHP8.3 8.3.28 Nov. 20, 2025 June 6, 2024 Dec. 31, 2025 Dec. 31, 2027 2 3 2 0
72 PHP8.2 8.2.29 July 3, 2025 Dec. 8, 2022 Dec. 31, 2024 Dec. 31, 2026 3 6 4 0
73 PHP8.1 8.1.33 July 3, 2025 Nov. 25, 2021 Nov. 25, 2023 Nov. 25, 2024 6 10 6 0
74 PHP8.0 8.0.30 Aug. 3, 2023 Nov. 26, 2020 Nov. 26, 2022 Nov. 26, 2023 6 9 11 0
75 PHP7.4 7.4.33 Nov. 3, 2022 Nov. 28, 2019 Nov. 28, 2021 Nov. 28, 2022 9 10 19 1
76 PHP7.3 7.3.33 Nov. 18, 2021 Dec. 6, 2018 Dec. 6, 2020 Dec. 6, 2021 19 17 21 1
77 PHP7.2 7.2.34 Oct. 1, 2020 Nov. 30, 2017 Nov. 30, 2019 Nov. 30, 2020 20 21 21 1
78 PHP7.1 7.1.33 Dec. 1, 2019 Dec. 1, 2016 Dec. 1, 2018 Dec. 1, 2019 30 36 10 0
79 PHP7.0 7.0.33 Dec. 6, 2018 Dec. 3, 2015 Dec. 3, 2017 Dec. 3, 2018 76 60 14 0
80 PHP5.6 5.6.40 Dec. 31, 2018 Aug. 28, 2014 Jan. 19, 2017 Dec. 31, 2018 77 95 41 1
81 PHP6.0 6.0 Jan. 1, 2000 4 8 5 0
82 PHP5.6 5.6.9 Jan. 1, 2000 77 95 41 1
83 PHP5.5 5.5.9 Jan. 1, 2000 72 98 67 3
84 PHP5.4 5.4.9 Jan. 1, 2000 61 103 74 4
85 PHP5.3 5.3.9 Jan. 1, 2000 62 110 134 4
86 PHP5.2 5.2.9 Jan. 1, 2000 63 156 184 7
87 PHP5.1 5.1.6 Jan. 1, 2000 63 150 150 19
88 PHP5.0 5.0.5 Jan. 1, 2000 63 154 157 14
89 PHP4.4 4.4.9 Jan. 1, 2000 62 149 164 20
90 PHP4.3 4.3.9 Jan. 1, 2000 62 158 164 15
91 PHP4.2 4.2.4 Jan. 1, 2000 62 157 166 15
92 PHP4.1 4.1.3 Jan. 1, 2000 62 159 163 15
93 PHP4.0 4.0.7 Jan. 1, 2000 62 161 168 17
94 PHP3.0 3.0.9 Jan. 1, 2000 61 136 140 6
95 PHP2.0b10 2.0b10 Jan. 1, 2000 61 124 132 6
96 PHP2.0 2.0.2 Jan. 1, 2000 61 124 132 6
97 PHP1.5 1.5 Jan. 1, 2000 61 120 131 6
98 PHP1.4 1.4 Jan. 1, 2000 61 120 131 6
99 PHP1.3 1.3.5 Jan. 1, 2000 61 120 131 6
100 PHP1.2 1.2.5 Jan. 1, 2000 61 120 131 6
101 PHP1.1 1.1.1 Jan. 1, 2000 61 120 131 6
102 PHP1.0 1.0.4 Jan. 1, 2000 61 124 132 6
103 PHP0.91 0.91 Jan. 1, 2000 61 120 131 6
104 PHP0.90 0.90 Jan. 1, 2000 61 120 131 6
105 PHP0.9 0.9.4 Jan. 1, 2000 61 120 131 6
106 PHP0.7 0.7 Jan. 1, 2000 61 120 131 6
107 PHP0.6 0.6 Jan. 1, 2000 61 120 131 6
108 PHP0.5 0.5.3 Jan. 1, 2000 61 120 131 6
109 PHP0.4 0.4 Jan. 1, 2000 61 120 131 6
110 PHP0.3 0.3 Jan. 1, 2000 61 120 131 6
111 PHP0.2 0.2.4 Jan. 1, 2000 61 120 131 6
112 PHP0.11 0.11 Jan. 1, 2000 61 120 131 6
113 PHP0.10 0.10 Jan. 1, 2000 61 120 131 6
114 PHP0.1 0.1.1 Jan. 1, 2000 61 120 131 6
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
71 7.5
5.0 		HIGH
Network 		An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling… CWE-125
Out-of-bounds Read 		CVE-2019-9638 cpe:2.3:a:php:php:*:*
7.2.0
7.3.0



7.1.27
7.2.16
7.3.3 		2024-11-21 13:52
2019-03-9 		Show GitHub Exploit DB Packet Storm
72 7.5
5.0 		HIGH
Network 		An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly… CWE-264
Permissions, Privileges, and Access Controls 		CVE-2019-9637 cpe:2.3:a:php:php:*:*
7.2.0
7.3.0



7.1.27
7.2.16
7.3.3 		2024-11-21 13:52
2019-03-9 		Show GitHub Exploit DB Packet Storm
73 9.8
7.5 		CRITICAL
Network 		An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with … CWE-125
CWE-787
Out-of-bounds Read
 Out-of-bounds Write 		CVE-2019-9025 cpe:2.3:a:php:php:*:* 7.3.0 7.3.1 2024-11-21 13:50
2019-02-23 		Show GitHub Exploit DB Packet Storm
74 7.5
5.0 		HIGH
Network 		An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of … CWE-125
Out-of-bounds Read 		CVE-2019-9024 cpe:2.3:a:php:php:*:* 7.2.0
7.0.0

7.3.0





7.2.14
7.1.26
5.6.40
7.3.1 		2024-11-21 13:50
2019-02-23 		Show GitHub Exploit DB Packet Storm
75 7.5
5.0 		HIGH
Network 		An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse mem… CWE-125
Out-of-bounds Read 		CVE-2019-9022 cpe:2.3:a:php:php:*:* 7.2.0
7.0.0
7.3.0



7.2.14
7.1.26
7.3.2 		2024-11-21 13:50
2019-02-23 		Show GitHub Exploit DB Packet Storm
76 9.8
7.5 		CRITICAL
Network 		An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular express… CWE-125
Out-of-bounds Read 		CVE-2019-9023 cpe:2.3:a:php:php:*:* 7.2.0
7.0.0

7.3.0





7.2.14
7.1.26
5.6.40
7.3.1 		2024-11-21 13:50
2019-02-23 		Show GitHub Exploit DB Packet Storm
77 9.8
7.5 		CRITICAL
Network 		An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow a… CWE-125
Out-of-bounds Read 		CVE-2019-9021 cpe:2.3:a:php:php:*:* 7.2.0
7.0.0

7.3.0





7.2.14
7.1.26
5.6.40
7.3.1 		2024-11-21 13:50
2019-02-23 		Show GitHub Exploit DB Packet Storm
78 9.8
7.5 		CRITICAL
Network 		An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap … CWE-125
CWE-416
Out-of-bounds Read
 Use After Free 		CVE-2019-9020 cpe:2.3:a:php:php:*:* 7.2.0
7.0.0

7.3.0





7.2.14
7.1.26
5.6.40
7.3.1 		2024-11-21 13:50
2019-02-23 		Show GitHub Exploit DB Packet Storm
79 7.5
5.0 		HIGH
Network 		In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past … CWE-125
Out-of-bounds Read 		CVE-2018-20783 cpe:2.3:a:php:php:*:*
7.0.0
7.1.0
7.2.0





5.6.39
7.0.33
7.1.25
7.2.13 		2024-11-21 13:02
2019-02-22 		Show GitHub Exploit DB Packet Storm
80 8.8
6.8 		HIGH
Network 		gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x bef… CWE-787
 Out-of-bounds Write 		CVE-2019-6977 cpe:2.3:a:php:php:7.3.0:*
cpe:2.3:a:php:php:*:* 		7.2.0
7.0.0



7.2.14
7.1.26
5.6.40 		2024-11-21 13:47
2019-01-27 		Show GitHub Exploit DB Packet Storm