Vulnerability Charts

Last modified:

All information is derived from unless otherwise stated. CVSS values listed are those of the highest scoring CVEs for any listed version. The highest possible score is 10.0, indicating that a version is considered to be ❌ extremely unsafe. The lowest possible score is 0.0, indicating that a version is currently considered to be ✔️ safe.

There may also be additional considerations as to whether a version should be considered ✔️ safe or ❌ unsafe, such as whether the version is still being actively supported, whether it is appropriate to use in production environments, etc. As such, versions will also be marked as either ✔️ safe, ❌ unsafe, or as ➖ in development (versions marked as in development may be safe, but aren't yet considered to be ready for a production environment).

Please note that a ✔️ safe designation does NOT mean that the designated versions are free from bugs and errors! When a new "patch release" becomes available, in general, these patch releases rectify various problems, bugs and so forth which could be encountered when using outdated versions from prior to the particular patch release. As such, using the latest version for any particular branch is always advised in favour of using older, outdated versions.

If you find any errors, would like to add to the list or make some changes, please send a pull request to the GitHub repository for this page.
Licensing (for this repository): MIT License (feel free to copy and adapt it if you want).

CVSS Safe? Notes
PHP versions PHP 7.3.6 – 7.3.7 0.0 ✔️ (7.3.7 is the current latest version on the 7.3 branch).
PHP 7.3.3 – 7.3.5 6.4
PHP 7.3.0 – 7.3.2 7.5~9.8
PHP 7.2.19 – 7.2.20 0.0 ✔️ (7.2.20 is the current latest version on the 7.2 branch).
PHP 7.2.16 – 7.2.18 6.4
PHP 7.2.0 – 7.2.15 7.5~9.8
PHP 7.1.30 0.0 ✔️ (7.1.30 is the current latest version on the 7.1 branch).
Anything earlier than this version should be considered unsafe.
PHP 7.1.28 – 7.1.29 6.4
PHP 7.0.8 – 7.1.27 7.5~9.8 (7.0.33 is the current latest version on the 7.0 branch).
PHP 7.0.0 – 7.0.7 10.0
PHP 5.6.36 – 5.6.40 7.5~9.8 (5.6.40 is the current latest version on the 5.6 branch).
See: CVE-2018-17082, CVE-2019-9641