Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
PHP Number Of NVD 699 CRITICAL 123 HIGH 261 MEDIUM 289 LOW 26
URL https://www.php.net/
Explanation It is an open source programming language used around the world as a development language for web applications.
It is developed by "The PHP Group" and is used in many open source web applications such as WordPress and Xoops.
Today, it can be used as a general-purpose scripting language for applications other than web applications.
It is a popular language among programming beginners because it is easy to learn.

It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Add Information URL
No Type Name URL
1 https://www.php.net/supported-versions.php
2 https://www.php.net/downloads.php
3 https://www.php.net/eol.php
4 https://github.com/php/php-src
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
141 PHP8.3 8.3.28 Nov. 20, 2025 June 6, 2024 Dec. 31, 2025 Dec. 31, 2027 5 6 4 0
142 PHP8.2 8.2.29 July 3, 2025 Dec. 8, 2022 Dec. 31, 2024 Dec. 31, 2026 6 9 6 0
143 PHP8.1 8.1.33 July 3, 2025 Nov. 25, 2021 Nov. 25, 2023 Nov. 25, 2024 6 10 6 0
144 PHP8.0 8.0.30 Aug. 3, 2023 Nov. 26, 2020 Nov. 26, 2022 Nov. 26, 2023 6 9 11 0
145 PHP7.4 7.4.33 Nov. 3, 2022 Nov. 28, 2019 Nov. 28, 2021 Nov. 28, 2022 9 10 19 1
146 PHP7.3 7.3.33 Nov. 18, 2021 Dec. 6, 2018 Dec. 6, 2020 Dec. 6, 2021 19 17 21 1
147 PHP7.2 7.2.34 Oct. 1, 2020 Nov. 30, 2017 Nov. 30, 2019 Nov. 30, 2020 20 21 21 1
148 PHP7.1 7.1.33 Dec. 1, 2019 Dec. 1, 2016 Dec. 1, 2018 Dec. 1, 2019 30 36 10 0
149 PHP7.0 7.0.33 Dec. 6, 2018 Dec. 3, 2015 Dec. 3, 2017 Dec. 3, 2018 76 60 14 0
150 PHP5.6 5.6.40 Dec. 31, 2018 Aug. 28, 2014 Jan. 19, 2017 Dec. 31, 2018 77 95 41 1
151 PHP6.0 6.0 Jan. 1, 2000 4 8 5 0
152 PHP5.6 5.6.9 Jan. 1, 2000 77 95 41 1
153 PHP5.5 5.5.9 Jan. 1, 2000 72 98 67 3
154 PHP5.4 5.4.9 Jan. 1, 2000 61 103 74 4
155 PHP5.3 5.3.9 Jan. 1, 2000 62 110 134 4
156 PHP5.2 5.2.9 Jan. 1, 2000 63 156 184 7
157 PHP5.1 5.1.6 Jan. 1, 2000 63 150 150 19
158 PHP5.0 5.0.5 Jan. 1, 2000 63 154 157 14
159 PHP4.4 4.4.9 Jan. 1, 2000 62 149 164 20
160 PHP4.3 4.3.9 Jan. 1, 2000 62 158 164 15
161 PHP4.2 4.2.4 Jan. 1, 2000 62 157 166 15
162 PHP4.1 4.1.3 Jan. 1, 2000 62 159 163 15
163 PHP4.0 4.0.7 Jan. 1, 2000 62 161 168 17
164 PHP3.0 3.0.9 Jan. 1, 2000 61 136 140 6
165 PHP2.0b10 2.0b10 Jan. 1, 2000 61 124 132 6
166 PHP2.0 2.0.2 Jan. 1, 2000 61 124 132 6
167 PHP1.5 1.5 Jan. 1, 2000 61 120 131 6
168 PHP1.4 1.4 Jan. 1, 2000 61 120 131 6
169 PHP1.3 1.3.5 Jan. 1, 2000 61 120 131 6
170 PHP1.2 1.2.5 Jan. 1, 2000 61 120 131 6
171 PHP1.1 1.1.1 Jan. 1, 2000 61 120 131 6
172 PHP1.0 1.0.4 Jan. 1, 2000 61 124 132 6
173 PHP0.91 0.91 Jan. 1, 2000 61 120 131 6
174 PHP0.90 0.90 Jan. 1, 2000 61 120 131 6
175 PHP0.9 0.9.4 Jan. 1, 2000 61 120 131 6
176 PHP0.7 0.7 Jan. 1, 2000 61 120 131 6
177 PHP0.6 0.6 Jan. 1, 2000 61 120 131 6
178 PHP0.5 0.5.3 Jan. 1, 2000 61 120 131 6
179 PHP0.4 0.4 Jan. 1, 2000 61 120 131 6
180 PHP0.3 0.3 Jan. 1, 2000 61 120 131 6
181 PHP0.2 0.2.4 Jan. 1, 2000 61 120 131 6
182 PHP0.11 0.11 Jan. 1, 2000 61 120 131 6
183 PHP0.10 0.10 Jan. 1, 2000 61 120 131 6
184 PHP0.1 0.1.1 Jan. 1, 2000 61 120 131 6
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
141 7.5
6.8 		HIGH
Network 		An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a n… CWE-264
Permissions, Privileges, and Access Controls 		CVE-2015-8994 cpe:2.3:a:php:php:*:* 5.0.0
7.0.0 		5.6.29

7.0.14 		2024-11-21 11:39
2017-03-2 		Show GitHub Exploit DB Packet Storm
142 7.5
5.0 		HIGH
Network 		The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application c… CWE-476
 NULL Pointer Dereference 		CVE-2016-10162 cpe:2.3:a:php:php:7.1.0:*
cpe:2.3:a:php:php:7.0.9:*
cpe:2.3:a:php:php:7.0.8:*
cpe:2.3:a:php:php:7.0.7:*
cpe… 		2024-11-21 11:43
2017-01-25 		Show GitHub Exploit DB Packet Storm
143 7.5
5.0 		HIGH
Network 		The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read… CWE-125
Out-of-bounds Read 		CVE-2016-10161 cpe:2.3:a:php:php:7.1.0:*
cpe:2.3:a:php:php:7.0.9:*
cpe:2.3:a:php:php:7.0.8:*
cpe:2.3:a:php:php:7.0.7:*
cpe… 		5.6.29 2024-11-21 11:43
2017-01-25 		Show GitHub Exploit DB Packet Storm
144 9.8
7.5 		CRITICAL
Network 		Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possib… CWE-193
 Off-by-one Error 		CVE-2016-10160 cpe:2.3:a:php:php:*:* 7.1.0
7.0.0
5.6.0



7.1.1
7.0.15
5.6.30 		2024-11-21 11:43
2017-01-25 		Show GitHub Exploit DB Packet Storm
145 7.5
5.0 		HIGH
Network 		Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or applic… CWE-190
 Integer Overflow or Wraparound 		CVE-2016-10159 cpe:2.3:a:php:php:7.1.0:-
cpe:2.3:a:php:php:*:*
7.0.0 		5.6.29

7.0.15 		2024-11-21 11:43
2017-01-25 		Show GitHub Exploit DB Packet Storm
146 7.5
5.0 		HIGH
Network 		The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via … CWE-189
Numeric Errors 		CVE-2016-10158 cpe:2.3:a:php:php:7.1.0:*
cpe:2.3:a:php:php:7.0.9:*
cpe:2.3:a:php:php:7.0.8:*
cpe:2.3:a:php:php:7.0.7:*
cpe… 		5.6.29 2024-11-21 11:43
2017-01-25 		Show GitHub Exploit DB Packet Storm
147 9.8
7.5 		CRITICAL
Network 		In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain ar… CWE-416
 Use After Free 		CVE-2016-7479 cpe:2.3:a:php:php:7.1.0:*
cpe:2.3:a:php:php:7.0.9:*
cpe:2.3:a:php:php:7.0.8:*
cpe:2.3:a:php:php:7.0.7:*
cpe… 		2024-11-21 11:58
2017-01-12 		Show GitHub Exploit DB Packet Storm
148 9.8
7.5 		CRITICAL
Network 		The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or caus… CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2016-7480 cpe:2.3:a:php:php:*:* 7.0.0 7.0.11 2024-11-21 11:58
2017-01-11 		Show GitHub Exploit DB Packet Storm
149 9.8
7.5 		CRITICAL
Network 		Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial o… CWE-190
 Integer Overflow or Wraparound 		CVE-2017-5340 cpe:2.3:a:php:php:*:* 7.1.0
7.0.0

7.1.1
7.0.15 		2024-11-21 12:27
2017-01-11 		Show GitHub Exploit DB Packet Storm
150 7.5
5.0 		HIGH
Network 		Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data… NVD-CWE-Other
CVE-2016-7478 cpe:2.3:a:php:php:7.0.9:*
cpe:2.3:a:php:php:7.0.8:*
cpe:2.3:a:php:php:7.0.7:*
cpe:2.3:a:php:php:7.0.6:*
cpe… 		2024-11-21 11:58
2017-01-11 		Show GitHub Exploit DB Packet Storm