CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

PHP » PHP » * * * * : Vulnerability Statistics

Vulnerabilities (370) Related Metasploit Modules   (Cpe Name:cpe:2.3:a:php:php:*:*:*:*:*:*:*:*)
Vulnerability Feeds & Widgets

Vulnerability Trends Over Time

Year # of Vulnerabilities DoS Code Execution Overflow Memory Corruption Sql Injection XSS Directory Traversal Http Response Splitting Bypass something Gain Information Gain Privileges CSRF File Inclusion # of exploits
2002 1 1
2003 1 1
2004 2
2005 3 1 2 1 3
2006 5 1 1 3
2007 43 11 18 13 1 3 8 4
2008 13 2 2 3 2 2 1
2009 11 1 2 2 1
2010 5 1 2 2 2 3 1
2011 24 17 1 7 4 3 1 5
2012 14 6 3 2 2 1 1 2
2013 10 5 1 5 2 1 2
2014 25 19 6 9 2 2
2015 27 15 10 8 1 3 2
2016 92 72 19 35 5 1 2 3 8
2017 24 15 3 5 2 1 3
2018 22 6 2 3 3 1 2
2019 32 1 8 1
2020 14 1 2 1
2021 2
Total 370 173 71 102 18 5 9 8 1 35 26 6
% Of All 46.8 19.2 27.6 4.9 1.4 2.4 2.2 0.3 9.5 7.0 0.0 0.0 0.0

Warning : Vulnerabilities with publish dates before 1999 are not included in this table and chart. (Because there are not many of them and they make the page look bad; and they may not be actually published in those years.)

Vulnerabilities By Year
1
1
2
3
5
43
13
11
5
24
14
10
25
27
92
24
22
32
14
2
  2002 1
2003 1
2004 2
2005 3
2006 5
2007 43
2008 13
2009 11
2010 5
2011 24
2012 14
2013 10
2014 25
2015 27
2016 92
2017 24
2018 22
2019 32
2020 14
2021 2
Vulnerabilities By Type
173
9
71
102
35
18
8
26
5
1
  Denial of Service 173
XSS 9
Execute Code 71
Overflow 102
Bypass Something 35
Memory Corruption 18
Directory Traversal 8
Gain Information 26
Sql Injection 5
Http Response Splitting 1

Click on legend names to show/hide lines for vulnerability types
If you can't see MS Office style charts above then it's time to upgrade your browser!
P.S: Charts may not be displayed properly especially if there are only a few data points.

This page lists vulnerability statistics for PHP PHP * * * *. Vulnerability statistics provide a quick overview for security vulnerabilities of PHP PHP * * * *

CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.