Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
PHP Number Of NVD 699 CRITICAL 123 HIGH 261 MEDIUM 289 LOW 26
URL https://www.php.net/
Explanation It is an open source programming language used around the world as a development language for web applications.
It is developed by "The PHP Group" and is used in many open source web applications such as WordPress and Xoops.
Today, it can be used as a general-purpose scripting language for applications other than web applications.
It is a popular language among programming beginners because it is easy to learn.

It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Add Information URL
No Type Name URL
1 https://www.php.net/supported-versions.php
2 https://www.php.net/downloads.php
3 https://www.php.net/eol.php
4 https://github.com/php/php-src
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
331 PHP8.3 8.3.28 Nov. 20, 2025 June 6, 2024 Dec. 31, 2025 Dec. 31, 2027 5 6 4 0
332 PHP8.2 8.2.29 July 3, 2025 Dec. 8, 2022 Dec. 31, 2024 Dec. 31, 2026 6 9 6 0
333 PHP8.1 8.1.33 July 3, 2025 Nov. 25, 2021 Nov. 25, 2023 Nov. 25, 2024 6 10 6 0
334 PHP8.0 8.0.30 Aug. 3, 2023 Nov. 26, 2020 Nov. 26, 2022 Nov. 26, 2023 6 9 11 0
335 PHP7.4 7.4.33 Nov. 3, 2022 Nov. 28, 2019 Nov. 28, 2021 Nov. 28, 2022 9 10 19 1
336 PHP7.3 7.3.33 Nov. 18, 2021 Dec. 6, 2018 Dec. 6, 2020 Dec. 6, 2021 19 17 21 1
337 PHP7.2 7.2.34 Oct. 1, 2020 Nov. 30, 2017 Nov. 30, 2019 Nov. 30, 2020 20 21 21 1
338 PHP7.1 7.1.33 Dec. 1, 2019 Dec. 1, 2016 Dec. 1, 2018 Dec. 1, 2019 30 36 10 0
339 PHP7.0 7.0.33 Dec. 6, 2018 Dec. 3, 2015 Dec. 3, 2017 Dec. 3, 2018 76 60 14 0
340 PHP5.6 5.6.40 Dec. 31, 2018 Aug. 28, 2014 Jan. 19, 2017 Dec. 31, 2018 77 95 41 1
341 PHP6.0 6.0 Jan. 1, 2000 4 8 5 0
342 PHP5.6 5.6.9 Jan. 1, 2000 77 95 41 1
343 PHP5.5 5.5.9 Jan. 1, 2000 72 98 67 3
344 PHP5.4 5.4.9 Jan. 1, 2000 61 103 74 4
345 PHP5.3 5.3.9 Jan. 1, 2000 62 110 134 4
346 PHP5.2 5.2.9 Jan. 1, 2000 63 156 184 7
347 PHP5.1 5.1.6 Jan. 1, 2000 63 150 150 19
348 PHP5.0 5.0.5 Jan. 1, 2000 63 154 157 14
349 PHP4.4 4.4.9 Jan. 1, 2000 62 149 164 20
350 PHP4.3 4.3.9 Jan. 1, 2000 62 158 164 15
351 PHP4.2 4.2.4 Jan. 1, 2000 62 157 166 15
352 PHP4.1 4.1.3 Jan. 1, 2000 62 159 163 15
353 PHP4.0 4.0.7 Jan. 1, 2000 62 161 168 17
354 PHP3.0 3.0.9 Jan. 1, 2000 61 136 140 6
355 PHP2.0b10 2.0b10 Jan. 1, 2000 61 124 132 6
356 PHP2.0 2.0.2 Jan. 1, 2000 61 124 132 6
357 PHP1.5 1.5 Jan. 1, 2000 61 120 131 6
358 PHP1.4 1.4 Jan. 1, 2000 61 120 131 6
359 PHP1.3 1.3.5 Jan. 1, 2000 61 120 131 6
360 PHP1.2 1.2.5 Jan. 1, 2000 61 120 131 6
361 PHP1.1 1.1.1 Jan. 1, 2000 61 120 131 6
362 PHP1.0 1.0.4 Jan. 1, 2000 61 124 132 6
363 PHP0.91 0.91 Jan. 1, 2000 61 120 131 6
364 PHP0.90 0.90 Jan. 1, 2000 61 120 131 6
365 PHP0.9 0.9.4 Jan. 1, 2000 61 120 131 6
366 PHP0.7 0.7 Jan. 1, 2000 61 120 131 6
367 PHP0.6 0.6 Jan. 1, 2000 61 120 131 6
368 PHP0.5 0.5.3 Jan. 1, 2000 61 120 131 6
369 PHP0.4 0.4 Jan. 1, 2000 61 120 131 6
370 PHP0.3 0.3 Jan. 1, 2000 61 120 131 6
371 PHP0.2 0.2.4 Jan. 1, 2000 61 120 131 6
372 PHP0.11 0.11 Jan. 1, 2000 61 120 131 6
373 PHP0.10 0.10 Jan. 1, 2000 61 120 131 6
374 PHP0.1 0.1.1 Jan. 1, 2000 61 120 131 6
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
331 -
5.0 		MEDIUM file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that trigger… CWE-399
 Resource Management Errors 		CVE-2014-3538 cpe:2.3:a:php:php:*:* 5.5.0
5.4.0

5.5.16
5.4.32 		2024-11-21 11:08
2014-07-3 		Show GitHub Exploit DB Packet Storm
332 -
5.1 		MEDIUM Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary co… CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2014-4049 cpe:2.3:a:php:php:5.6.0:beta3
cpe:2.3:a:php:php:5.6.0:beta2
cpe:2.3:a:php:php:5.6.0:beta1
cpe:2.3:a:php:php:5.… 		5.5.0
5.4.0
5.3.0



5.5.14
5.4.30
5.3.29 		2024-11-21 11:09
2014-06-19 		Show GitHub Exploit DB Packet Storm
333 -
3.3 		LOW acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file. CWE-59
Link Following 		CVE-2014-3981 cpe:2.3:a:php:php:*:* 5.5.0
5.4.0



5.5.14
5.4.30
5.3.29 		2024-11-21 11:09
2014-06-9 		Show GitHub Exploit DB Packet Storm
334 -
5.0 		MEDIUM The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bound… CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2014-0238 cpe:2.3:a:php:php:*:*
5.4.0
5.5.0



5.3.29
5.4.29
5.5.13 		2024-11-21 11:01
2014-06-1 		Show GitHub Exploit DB Packet Storm
335 -
5.0 		MEDIUM The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by … CWE-399
 Resource Management Errors 		CVE-2014-0237 cpe:2.3:a:php:php:*:*
5.4.0
5.5.0



5.3.29
5.4.29
5.5.13 		2024-11-21 11:01
2014-06-1 		Show GitHub Exploit DB Packet Storm
336 -
7.2 		HIGH sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a … CWE-269
 Improper Privilege Management 		CVE-2014-0185 cpe:2.3:a:php:php:*:* 5.5.0
5.4.0
5.3.0



5.5.12
5.4.28
5.3.28 		2024-11-21 11:01
2014-05-6 		Show GitHub Exploit DB Packet Storm
337 -
5.0 		MEDIUM The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to ca… NVD-CWE-noinfo
CVE-2013-7345 cpe:2.3:a:php:php:*:* 5.5.0
5.4.0

5.5.11
5.4.27 		2024-11-21 11:00
2014-03-25 		Show GitHub Exploit DB Packet Storm
338 -
4.3 		MEDIUM The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a c… CWE-476
 NULL Pointer Dereference 		CVE-2014-2497 cpe:2.3:a:php:php:*:* 5.5.0

5.5.16
5.4.32 		2024-11-21 11:06
2014-03-21 		Show GitHub Exploit DB Packet Storm
339 -
4.3 		MEDIUM softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE execu… CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2014-2270 cpe:2.3:a:php:php:*:* 5.5.0

5.5.10
5.4.26 		2024-11-21 11:05
2014-03-15 		Show GitHub Exploit DB Packet Storm
340 -
5.0 		MEDIUM Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file. CWE-755
 Improper Handling of Exceptional Conditions 		CVE-2014-1943 cpe:2.3:a:php:php:*:* 5.5.0
5.4.0

5.5.10
5.4.26 		2024-11-21 11:05
2014-02-19 		Show GitHub Exploit DB Packet Storm