Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
PHP Number Of NVD 699 CRITICAL 123 HIGH 261 MEDIUM 289 LOW 26
URL https://www.php.net/
Explanation It is an open source programming language used around the world as a development language for web applications.
It is developed by "The PHP Group" and is used in many open source web applications such as WordPress and Xoops.
Today, it can be used as a general-purpose scripting language for applications other than web applications.
It is a popular language among programming beginners because it is easy to learn.

It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Add Information URL
No Type Name URL
1 https://www.php.net/supported-versions.php
2 https://www.php.net/downloads.php
3 https://www.php.net/eol.php
4 https://github.com/php/php-src
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
221 PHP8.3 8.3.28 Nov. 20, 2025 June 6, 2024 Dec. 31, 2025 Dec. 31, 2027 5 6 4 0
222 PHP8.2 8.2.29 July 3, 2025 Dec. 8, 2022 Dec. 31, 2024 Dec. 31, 2026 6 9 6 0
223 PHP8.1 8.1.33 July 3, 2025 Nov. 25, 2021 Nov. 25, 2023 Nov. 25, 2024 6 10 6 0
224 PHP8.0 8.0.30 Aug. 3, 2023 Nov. 26, 2020 Nov. 26, 2022 Nov. 26, 2023 6 9 11 0
225 PHP7.4 7.4.33 Nov. 3, 2022 Nov. 28, 2019 Nov. 28, 2021 Nov. 28, 2022 9 10 19 1
226 PHP7.3 7.3.33 Nov. 18, 2021 Dec. 6, 2018 Dec. 6, 2020 Dec. 6, 2021 19 17 21 1
227 PHP7.2 7.2.34 Oct. 1, 2020 Nov. 30, 2017 Nov. 30, 2019 Nov. 30, 2020 20 21 21 1
228 PHP7.1 7.1.33 Dec. 1, 2019 Dec. 1, 2016 Dec. 1, 2018 Dec. 1, 2019 30 36 10 0
229 PHP7.0 7.0.33 Dec. 6, 2018 Dec. 3, 2015 Dec. 3, 2017 Dec. 3, 2018 76 60 14 0
230 PHP5.6 5.6.40 Dec. 31, 2018 Aug. 28, 2014 Jan. 19, 2017 Dec. 31, 2018 77 95 41 1
231 PHP6.0 6.0 Jan. 1, 2000 4 8 5 0
232 PHP5.6 5.6.9 Jan. 1, 2000 77 95 41 1
233 PHP5.5 5.5.9 Jan. 1, 2000 72 98 67 3
234 PHP5.4 5.4.9 Jan. 1, 2000 61 103 74 4
235 PHP5.3 5.3.9 Jan. 1, 2000 62 110 134 4
236 PHP5.2 5.2.9 Jan. 1, 2000 63 156 184 7
237 PHP5.1 5.1.6 Jan. 1, 2000 63 150 150 19
238 PHP5.0 5.0.5 Jan. 1, 2000 63 154 157 14
239 PHP4.4 4.4.9 Jan. 1, 2000 62 149 164 20
240 PHP4.3 4.3.9 Jan. 1, 2000 62 158 164 15
241 PHP4.2 4.2.4 Jan. 1, 2000 62 157 166 15
242 PHP4.1 4.1.3 Jan. 1, 2000 62 159 163 15
243 PHP4.0 4.0.7 Jan. 1, 2000 62 161 168 17
244 PHP3.0 3.0.9 Jan. 1, 2000 61 136 140 6
245 PHP2.0b10 2.0b10 Jan. 1, 2000 61 124 132 6
246 PHP2.0 2.0.2 Jan. 1, 2000 61 124 132 6
247 PHP1.5 1.5 Jan. 1, 2000 61 120 131 6
248 PHP1.4 1.4 Jan. 1, 2000 61 120 131 6
249 PHP1.3 1.3.5 Jan. 1, 2000 61 120 131 6
250 PHP1.2 1.2.5 Jan. 1, 2000 61 120 131 6
251 PHP1.1 1.1.1 Jan. 1, 2000 61 120 131 6
252 PHP1.0 1.0.4 Jan. 1, 2000 61 124 132 6
253 PHP0.91 0.91 Jan. 1, 2000 61 120 131 6
254 PHP0.90 0.90 Jan. 1, 2000 61 120 131 6
255 PHP0.9 0.9.4 Jan. 1, 2000 61 120 131 6
256 PHP0.7 0.7 Jan. 1, 2000 61 120 131 6
257 PHP0.6 0.6 Jan. 1, 2000 61 120 131 6
258 PHP0.5 0.5.3 Jan. 1, 2000 61 120 131 6
259 PHP0.4 0.4 Jan. 1, 2000 61 120 131 6
260 PHP0.3 0.3 Jan. 1, 2000 61 120 131 6
261 PHP0.2 0.2.4 Jan. 1, 2000 61 120 131 6
262 PHP0.11 0.11 Jan. 1, 2000 61 120 131 6
263 PHP0.10 0.10 Jan. 1, 2000 61 120 131 6
264 PHP0.1 0.1.1 Jan. 1, 2000 61 120 131 6
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
221 9.6
6.8 		CRITICAL
Network 		ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote att… CWE-611
XXE 		CVE-2015-8866 cpe:2.3:a:php:php:*:* 7.2.0
7.1.0
7.0.0
5.5.0
5.6.0







7.2.1
7.1.13
7.0.27
5.5.22
5.6.6 		2024-11-21 11:39
2016-05-22 		Show GitHub Exploit DB Packet Storm
222 4.3
4.3 		MEDIUM
Network 		Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before … CWE-22
Path Traversal 		CVE-2014-9767 cpe:2.3:a:php:php:5.6.9:*
cpe:2.3:a:php:php:5.6.8:*
cpe:2.3:a:php:php:5.6.7:*
cpe:2.3:a:php:php:5.6.6:*
cpe… 		5.4.45 2024-11-21 11:21
2016-05-22 		Show GitHub Exploit DB Packet Storm
223 9.8
7.5 		CRITICAL
Network 		Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial… CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2016-4073 cpe:2.3:a:php:php:7.0.4:*
cpe:2.3:a:php:php:7.0.3:*
cpe:2.3:a:php:php:7.0.2:*
cpe:2.3:a:php:php:7.0.1:*
cpe… 		2024-11-21 11:51
2016-05-20 		Show GitHub Exploit DB Packet Storm
224 9.8
7.5 		CRITICAL
Network 		The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 chara… CWE-20
 Improper Input Validation  		CVE-2016-4072 cpe:2.3:a:php:php:7.0.4:*
cpe:2.3:a:php:php:7.0.3:*
cpe:2.3:a:php:php:7.0.2:*
cpe:2.3:a:php:php:7.0.1:*
cpe… 		2024-11-21 11:51
2016-05-20 		Show GitHub Exploit DB Packet Storm
225 9.8
7.5 		CRITICAL
Network 		Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via for… CWE-20
 Improper Input Validation  		CVE-2016-4071 cpe:2.3:a:php:php:7.0.4:*
cpe:2.3:a:php:php:7.0.3:*
cpe:2.3:a:php:php:7.0.2:*
cpe:2.3:a:php:php:7.0.1:*
cpe… 		2024-11-21 11:51
2016-05-20 		Show GitHub Exploit DB Packet Storm
226 7.5
5.0 		HIGH
Network 		Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (applica… CWE-189
Numeric Errors 		CVE-2016-4070 cpe:2.3:a:php:php:7.0.4:*
cpe:2.3:a:php:php:7.0.3:*
cpe:2.3:a:php:php:7.0.2:*
cpe:2.3:a:php:php:7.0.1:*
cpe… 		5.5.33 2024-11-21 11:51
2016-05-20 		Show GitHub Exploit DB Packet Storm
227 7.3
7.5 		HIGH
Local 		The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, whi… CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2015-8865 cpe:2.3:a:php:php:7.0.4:*
cpe:2.3:a:php:php:7.0.3:*
cpe:2.3:a:php:php:7.0.2:*
cpe:2.3:a:php:php:7.0.1:*
cpe… 		5.5.33 2024-11-21 11:39
2016-05-20 		Show GitHub Exploit DB Packet Storm
228 7.1
6.4 		HIGH
Local 		The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information… CWE-20
 Improper Input Validation  		CVE-2016-3185 cpe:2.3:a:php:php:7.0.3:*
cpe:2.3:a:php:php:7.0.2:*
cpe:2.3:a:php:php:7.0.1:*
cpe:2.3:a:php:php:7.0.0:*
cpe… 		5.4.43 2024-11-21 11:49
2016-05-16 		Show GitHub Exploit DB Packet Storm
229 9.8
10.0 		CRITICAL
Network 		Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have… CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2016-2554 cpe:2.3:a:php:php:7.0.2:*
cpe:2.3:a:php:php:7.0.1:*
cpe:2.3:a:php:php:7.0.0:*
cpe:2.3:a:php:php:5.6.9:*
cpe… 		5.5.31 2024-11-21 11:48
2016-05-16 		Show GitHub Exploit DB Packet Storm
230 7.5
5.0 		HIGH
Network 		Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call. CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2015-8874 cpe:2.3:a:php:php:*:* 5.6.11 2024-11-21 11:39
2016-05-16 		Show GitHub Exploit DB Packet Storm