sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI scrip…

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain config…

University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other pr…

In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, ther…

PHP before 5.3.9 computes hash values for form parameters without restricting the ability to tr…

An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2…

sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI scrip…

gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in …

Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x befo…

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql e…

Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote a…

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializ…

sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI scrip…

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and t…

Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c…

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-si…

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x be…

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializ…

Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP befor…

Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote …

In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash ta…

The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 …

Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x befo…

Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP …

The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mis…

Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attac…

Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x bef…

php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers…

The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers t…

The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that cer…

Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before…

Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as…

Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/x…

In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extensio…

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML pars…

Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in P…

Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.…

The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x be…

The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allow…

The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, an…