Php Phpgroup Php


EOL Dates

Ensure that you are using a supported version of Phpgroup Php. Here are the end-of-life and end-of-support dates for Phpgroup Php.

Release | EOL | End of Support | Status

8.5 | December 31, 2029 | December 31, 2027 | Active

Phpgroup Php 8.5 will become EOL in 3 years (in 2029).

8.4 | December 31, 2028 | December 31, 2026 | Active

Phpgroup Php 8.4 will become EOL in two years (in 2028).

8.3 | December 31, 2027 | December 31, 2025 | Active

Phpgroup Php 8.3 will become EOL next year, in December 2027.

8.2 | December 31, 2026 | December 31, 2024 | EOL This Year

Phpgroup Php 8.2 will become EOL this year, in December 2026.

8.1 | December 31, 2025 | November 25, 2023 | EOL

Phpgroup Php 8.1 became EOL in 2025 and support ended in 2023.

8.0 | November 26, 2023 | November 26, 2022 | EOL

Phpgroup Php 8.0 became EOL in 2023 and support ended in 2022.

7.4 | November 28, 2022 | November 28, 2021 | EOL

Phpgroup Php 7.4 became EOL in 2022 and support ended in 2021.

7.3 | December 6, 2021 | December 6, 2020 | EOL

Phpgroup Php 7.3 became EOL in 2021 and support ended in 2020.

7.2 | November 30, 2020 | November 30, 2019 | EOL

Phpgroup Php 7.2 became EOL in 2020 and support ended in 2019.

7.1 | December 1, 2019 | December 1, 2018 | EOL

Phpgroup Php 7.1 became EOL in 2019 and support ended in 2018.

7.0 | January 10, 2019 | January 4, 2018 | EOL

Phpgroup Php 7.0 became EOL in 2019 and support ended in 2018.

5.6 | December 31, 2018 | January 19, 2017 | EOL

Phpgroup Php 5.6 became EOL in 2018 and support ended in 2017.

5.5 | July 21, 2016 | July 10, 2015 | EOL

Phpgroup Php 5.5 became EOL in 2016 and support ended in 2015.

5.4 | September 14, 2015 | September 14, 2014 | EOL

Phpgroup Php 5.4 became EOL in 2015 and support ended in 2014.

5.3 | August 14, 2014 | June 30, 2011 | EOL

Phpgroup Php 5.3 became EOL in 2014 and support ended in 2011.

5.2 | January 6, 2011 | November 2, 2008 | EOL

Phpgroup Php 5.2 became EOL in 2011 and support ended in 2008.

5.1 | August 24, 2006 | August 24, 2006 | EOL

Phpgroup Php 5.1 became EOL in 2006 and support ended in 2006.

5.0 | September 5, 2005 | September 5, 2005 | EOL

Phpgroup Php 5.0 became EOL in 2005 and support ended in 2005.

By the Year

In 2026 there have been 0 vulnerabilities in Phpgroup Php. Last year, in 2025, Php had 1 security vulnerability published. Right now, Php is on track to have fewer security vulnerabilities in 2026 than it did last year.

Year Vulnerabilities Average Score
2026 0 0.00
2025 1 6.50
2024 9 7.58

It may take a day or so for new Php vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Phpgroup Php Security Vulnerabilities

Heap Buffer Overflow in PHP array_merge (8.1-8.5) pre 8.5.1
CVE-2025-14178 6.5 - Medium - December 27, 2025

In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due to an integer overflow in the precomputation of element counts using zend_hash_num_elements(). This may lead to memory corruption or crashes and affect the integrity and availability of the target server.

Memory Corruption

PHP convert.quoted-printable-decode Filter Buffer Overread Vulnerability
CVE-2024-11233 4.8 - Medium - November 24, 2024

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas.

Heap-based Buffer Overflow

PHP Stream Proxy Request Smuggling Vulnerability
CVE-2024-11234 4.8 - Medium - November 24, 2024

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user.

Improper Input Validation

PHP ldap_escape() Integer Overflow Vulnerability on 32-bit Systems
CVE-2024-11236 9.8 - Critical - November 24, 2024

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.

Memory Corruption

PHP MySQL Client Heap Disclosure Vulnerability
CVE-2024-8929 5.8 - Medium - November 22, 2024

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server.

Information Disclosure

PHP ldap_escape() Integer Overflow Vulnerability on 32-bit Systems
CVE-2024-8932 9.8 - Critical - November 22, 2024

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.

Memory Corruption

PHP 8.1-8.3: Windows CGI Cmd Line Option Injection via Best-Fit CP
CVE-2024-4577 9.8 - Critical - June 09, 2024

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.

Shell injection

Password_hash null byte bug in PHP <8.1.28/8.2.18/8.3.5
CVE-2024-3096 6.5 - Medium - April 29, 2024

In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true.

Improper Input Validation

PHP 8.1/8.2/8.3 cmd injection via proc_open() array syntax (< v8.1.28 / < v8.2.18 / < v8.3.5)
CVE-2024-1874 9.4 - Critical - April 29, 2024

In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.

Output Sanitization

PHP 8.3.* DoS via mb_encode_mimeheader loop (before 8.3.5)
CVE-2024-2757 7.5 - High - April 29, 2024

In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function.

Resource Exhaustion
