PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 883
GHSA-www2-q4fc-65wf
Null byte termination in dns_get_record()
GHSA-8xr5-qppj-gvwj
NULL Pointer Dereference in PDO quoting
GHSA-h96m-rvf9-jgm2
Heap buffer overflow in array_merge()
GHSA-3237-qqm7-mfv7
Information Leak of Memory in getimagesize
BDU:2026-00449
Уязвимость объектно-ориентированного прикладного программного интерфейса PDO интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании
CVE-2025-1735
In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid.
CVE-2025-1735
In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before ...
CVE-2025-1220
In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parse_url() treat the hostname in different way, thus opening way to security problems if the user code implements access checks before access using such functions.
CVE-2025-1220
In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before ...
CVE-2025-1735
In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-www2-q4fc-65wf Null byte termination in dns_get_record() | около 2 месяцев назад | ||
| GHSA-8xr5-qppj-gvwj NULL Pointer Dereference in PDO quoting | 0% Низкий | около 2 месяцев назад | |
| GHSA-h96m-rvf9-jgm2 Heap buffer overflow in array_merge() | CVSS3: 6.5 | 0% Низкий | около 2 месяцев назад |
| GHSA-3237-qqm7-mfv7 Information Leak of Memory in getimagesize | 0% Низкий | около 2 месяцев назад | |
 | BDU:2026-00449 Уязвимость объектно-ориентированного прикладного программного интерфейса PDO интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 3.7 | 0% Низкий | 4 месяца назад |
 | CVE-2025-1735 In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid. | CVSS3: 5.9 | 0% Низкий | 7 месяцев назад |
| CVE-2025-1735 In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before ... | CVSS3: 5.9 | 0% Низкий | 7 месяцев назад |
| CVE-2025-1220 In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parse_url() treat the hostname in different way, thus opening way to security problems if the user code implements access checks before access using such functions. | CVSS3: 3.7 | 0% Низкий | 7 месяцев назад |
| CVE-2025-1220 In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before ... | CVSS3: 3.7 | 0% Низкий | 7 месяцев назад |
 | CVE-2025-1735 In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid. | CVSS3: 5.9 | 0% Низкий | 7 месяцев назад |
Уязвимостей на страницу