PHP 8.1

Status: EOL | Support: 2021-11 – 2025-12 | Latest: 8.1.34 | Vulnerabilities: 44
Critical 9.8
2024-11-22 | < 8.1.31

OOB access in ldap_escape

Critical 9.8
2025-01-01 | < 8.1.32

Stream HTTP wrapper truncates redirect location to 1024 bytes

Critical 9.8
2024-11-24 | < 8.1.31

Integer overflow in the firebird and dblib quoters causing OOB writes

KEV
2024-06-09 | < 8.1.29

Argument Injection in PHP-CGI

Critical 9.8
2022-10-21 | < 8.1.12

XKCP: buffer overflow in the SHA-3 reference implementation

Critical 9.4
2024-04-29 | < 8.1.29

Command injection via array-ish $command parameter of proc_open()

Critical 9.4
2023-08-11 | < 8.1.22

Buffer overflow and overread in phar_dir_read()

Critical 9.1
2025-02-12 | < 8.1.14

PDO::quote() may return unquoted string

High 8.6
2023-08-11 | < 8.1.22

Security issue with external entity loading in XML without enabling it

High 8.2
2022-02-27 | < 8.1.3

UAF due to php_filter_float() failing

High 8.1
2024-10-08 | < 8.1.30

PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass)

High 8.1
2022-06-16 | < 8.1.7

Freeing unallocated memory in php_pgsql_free_params()

High 7.7
2024-06-09 | < 8.1.29

Command injection via array-ish $command parameter of proc_open() (bypass CVE-2024-1874 fix)

High 7.7
2022-07-28 | < 8.1.8

Heap buffer overflow in finfo_buffer

High 7.7
2023-02-16 | < 8.1.16

password_verify() always returns true for some invalid hashes

High 7.5
2025-12-27 | < 8.1.34

NULL Pointer Dereference in PDO quoting

High 7.5
2025-12-27 | < 8.1.34

Information Leak of Memory in getimagesize

High 7.5
2024-10-08 | < 8.1.30

cgi.force_redirect configuration is bypassable due to the environment variable collision

High 7.5
2018-08-02 | < 8.1.1

php: Out of bounds access in php_pcre.c:php_pcre_replace_impl()

High 7.5
2022-06-16 | < 8.1.7

mysqlnd/pdo password buffer overflow

High 7.5
2023-02-16 | < 8.1.16

Array overrun in common path resolve code

High 7.5
2023-02-16 | < 8.1.16

DoS vulnerability when parsing multipart request body

High 7.3
2025-01-01 | < 8.1.32

Stream HTTP wrapper header check might omit basic auth header

Medium 6.5
2025-12-27 | < 8.1.34

Heap buffer overflow in array_merge()

Medium 6.5
2024-04-29 | < 8.1.28

PHP function password_verify can erroneously return true when argument contains NUL

Medium 6.5
2022-11-14 | < 8.1.12

OOB read due to insufficient input validation in imageloadfont()

Medium 6.5
2022-09-28 | < 8.1.11

$_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities

Medium 5.9
2025-07-05 | < 8.1.33

NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix

Medium 5.9
2025-07-05 | < 8.1.33

pgsql extension does not check for errors during escaping

Medium 5.9
2024-06-09 | < 8.1.29

PHP is vulnerable to the Marvin Attack

Medium 5.8
2024-11-22 | < 8.1.31

Leak partial content of the heap through heap buffer over-read in mysqlnd

Medium 5.3
2025-01-01 | < 8.1.32

Streams HTTP wrapper does not fail for headers with invalid name and no colon

Medium 5.3
2025-01-01 | < 8.1.32

libxml streams use wrong content-type header when requesting a redirected resource

Medium 5.3
2024-06-09 | < 8.1.29

Filter bypass in filter_var (FILTER_VALIDATE_URL)

Medium 4.8
2024-11-24 | < 8.1.31

Configuring a proxy in a stream context might allow for CRLF injection in URIs

Medium 4.8
2024-11-24 | < 8.1.31

Single byte overread with convert.quoted-printable-decode filter

Low 3.7
2025-07-13 | < 8.1.33

Null byte termination in hostnames

Low 3.3
2024-10-08 | < 8.1.30

PHP-FPM logs from children may be altered

Low 3.1
2025-01-01 | < 8.1.32

Header parser of http stream wrapper does not handle folded headers

Low 3.1
2024-10-08 | < 8.1.30

Erroneous parsing of multipart form data

Low 2.6
2023-07-22 | < 8.1.20

Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP

Low 2.3
2022-09-28 | < 8.1.11

phar wrapper can occur dos when using quine gzip file

N/A
2024-04-29 | > 8.1.11 and < 8.1.28

N/A
< 8.1.32