Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
PHP Number Of NVD 699 CRITICAL 123 HIGH 261 MEDIUM 289 LOW 26
URL https://www.php.net/
Explanation It is an open source programming language used around the world as a development language for web applications.
It is developed by "The PHP Group" and is used in many open source web applications such as WordPress and Xoops.
Today, it can be used as a general-purpose scripting language for applications other than web applications.
It is a popular language among programming beginners because it is easy to learn.

It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Add Information URL
No Type Name URL
1 https://www.php.net/supported-versions.php
2 https://www.php.net/downloads.php
3 https://www.php.net/eol.php
4 https://github.com/php/php-src
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
131 PHP8.3 8.3.28 Nov. 20, 2025 June 6, 2024 Dec. 31, 2025 Dec. 31, 2027 5 6 4 0
132 PHP8.2 8.2.29 July 3, 2025 Dec. 8, 2022 Dec. 31, 2024 Dec. 31, 2026 6 9 6 0
133 PHP8.1 8.1.33 July 3, 2025 Nov. 25, 2021 Nov. 25, 2023 Nov. 25, 2024 6 10 6 0
134 PHP8.0 8.0.30 Aug. 3, 2023 Nov. 26, 2020 Nov. 26, 2022 Nov. 26, 2023 6 9 11 0
135 PHP7.4 7.4.33 Nov. 3, 2022 Nov. 28, 2019 Nov. 28, 2021 Nov. 28, 2022 9 10 19 1
136 PHP7.3 7.3.33 Nov. 18, 2021 Dec. 6, 2018 Dec. 6, 2020 Dec. 6, 2021 19 17 21 1
137 PHP7.2 7.2.34 Oct. 1, 2020 Nov. 30, 2017 Nov. 30, 2019 Nov. 30, 2020 20 21 21 1
138 PHP7.1 7.1.33 Dec. 1, 2019 Dec. 1, 2016 Dec. 1, 2018 Dec. 1, 2019 30 36 10 0
139 PHP7.0 7.0.33 Dec. 6, 2018 Dec. 3, 2015 Dec. 3, 2017 Dec. 3, 2018 76 60 14 0
140 PHP5.6 5.6.40 Dec. 31, 2018 Aug. 28, 2014 Jan. 19, 2017 Dec. 31, 2018 77 95 41 1
141 PHP6.0 6.0 Jan. 1, 2000 4 8 5 0
142 PHP5.6 5.6.9 Jan. 1, 2000 77 95 41 1
143 PHP5.5 5.5.9 Jan. 1, 2000 72 98 67 3
144 PHP5.4 5.4.9 Jan. 1, 2000 61 103 74 4
145 PHP5.3 5.3.9 Jan. 1, 2000 62 110 134 4
146 PHP5.2 5.2.9 Jan. 1, 2000 63 156 184 7
147 PHP5.1 5.1.6 Jan. 1, 2000 63 150 150 19
148 PHP5.0 5.0.5 Jan. 1, 2000 63 154 157 14
149 PHP4.4 4.4.9 Jan. 1, 2000 62 149 164 20
150 PHP4.3 4.3.9 Jan. 1, 2000 62 158 164 15
151 PHP4.2 4.2.4 Jan. 1, 2000 62 157 166 15
152 PHP4.1 4.1.3 Jan. 1, 2000 62 159 163 15
153 PHP4.0 4.0.7 Jan. 1, 2000 62 161 168 17
154 PHP3.0 3.0.9 Jan. 1, 2000 61 136 140 6
155 PHP2.0b10 2.0b10 Jan. 1, 2000 61 124 132 6
156 PHP2.0 2.0.2 Jan. 1, 2000 61 124 132 6
157 PHP1.5 1.5 Jan. 1, 2000 61 120 131 6
158 PHP1.4 1.4 Jan. 1, 2000 61 120 131 6
159 PHP1.3 1.3.5 Jan. 1, 2000 61 120 131 6
160 PHP1.2 1.2.5 Jan. 1, 2000 61 120 131 6
161 PHP1.1 1.1.1 Jan. 1, 2000 61 120 131 6
162 PHP1.0 1.0.4 Jan. 1, 2000 61 124 132 6
163 PHP0.91 0.91 Jan. 1, 2000 61 120 131 6
164 PHP0.90 0.90 Jan. 1, 2000 61 120 131 6
165 PHP0.9 0.9.4 Jan. 1, 2000 61 120 131 6
166 PHP0.7 0.7 Jan. 1, 2000 61 120 131 6
167 PHP0.6 0.6 Jan. 1, 2000 61 120 131 6
168 PHP0.5 0.5.3 Jan. 1, 2000 61 120 131 6
169 PHP0.4 0.4 Jan. 1, 2000 61 120 131 6
170 PHP0.3 0.3 Jan. 1, 2000 61 120 131 6
171 PHP0.2 0.2.4 Jan. 1, 2000 61 120 131 6
172 PHP0.11 0.11 Jan. 1, 2000 61 120 131 6
173 PHP0.10 0.10 Jan. 1, 2000 61 120 131 6
174 PHP0.1 0.1.1 Jan. 1, 2000 61 120 131 6
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
131 9.8
7.5 		CRITICAL
Network 		An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regu… CWE-787
 Out-of-bounds Write 		CVE-2017-9226 cpe:2.3:a:php:php:*:* 7.1.0
7.0.0



7.1.7
7.0.21
5.6.31 		2024-11-21 12:35
2017-05-25 		Show GitHub Exploit DB Packet Storm
132 9.8
7.5 		CRITICAL
Network 		An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str… CWE-787
 Out-of-bounds Write 		CVE-2017-9225 cpe:2.3:a:php:php:*:* 7.1.5 2024-11-21 12:35
2017-05-25 		Show GitHub Exploit DB Packet Storm
133 9.8
7.5 		CRITICAL
Network 		An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression… CWE-125
Out-of-bounds Read 		CVE-2017-9224 cpe:2.3:a:php:php:*:* 7.1.0
7.0.0



7.1.7
7.0.21
5.6.31 		2024-11-21 12:35
2017-05-25 		Show GitHub Exploit DB Packet Storm
134 9.8
7.5 		CRITICAL
Network 		The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact b… CWE-400
 Uncontrolled Resource Consumption 		CVE-2017-9119 cpe:2.3:a:php:php:7.1.5:* 2024-11-21 12:35
2017-05-22 		Show GitHub Exploit DB Packet Storm
135 7.0
4.4 		HIGH
Local 		In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/i… CWE-22
Path Traversal 		CVE-2017-9067 cpe:2.3:a:php:php:5.3.3:* 2024-11-21 12:35
2017-05-19 		Show GitHub Exploit DB Packet Storm
136 9.8
7.5 		CRITICAL
Network 		The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial… CWE-787
 Out-of-bounds Write 		CVE-2017-8923 cpe:2.3:a:php:php:*:* 8.0.0

8.0.11
7.4.24 		2024-11-21 12:34
2017-05-13 		Show GitHub Exploit DB Packet Storm
137 7.8
6.8 		HIGH
Local 		The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary co… CWE-787
 Out-of-bounds Write 		CVE-2016-5399 cpe:2.3:a:php:php:*:*
7.0.0
5.6.0 		5.5.37


7.0.9
5.6.24 		2024-11-21 11:54
2017-04-22 		Show GitHub Exploit DB Packet Storm
138 7.5
5.0 		HIGH
Network 		The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long str… CWE-770
 Allocation of Resources Without Limits or Throttling 		CVE-2017-7963 cpe:2.3:a:php:php:*:* 7.1.4 2024-11-21 12:33
2017-04-20 		Show GitHub Exploit DB Packet Storm
139 7.5
5.0 		HIGH
Network 		The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted use of "declare(ticks=" in … CWE-476
 NULL Pointer Dereference 		CVE-2017-6441 cpe:2.3:a:php:php:7.1.2:* 2024-11-21 12:29
2017-04-3 		Show GitHub Exploit DB Packet Storm
140 7.4
5.8 		HIGH
Network 		PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is r… CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2017-7272 cpe:2.3:a:php:php:*:* 7.1.3 2024-11-21 12:31
2017-03-28 		Show GitHub Exploit DB Packet Storm