What is the php CNA?
php is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 79 CVE records since 2019.
How many CVEs has php published?
php has published 79 CVE records, including 30 in the last two years.
What is php's CVE data quality grade?
RadicalNotion.AI grades php's CVE data quality as A, with an overall completeness score of 99.1%. This reflects how consistently its CVE records include vendor (100%), product (100%), CVSS (97.5%), and CWE (98.7%) information.
What products does php publish CVEs for?
php most frequently publishes CVEs for PHP, php-src, libphp, php-min, debian linux.
Which vendors does php cover?
php publishes CVEs across 5 distinct vendors, most often PHP, PHP Group, Bitnami, debian, fedoraproject.
Is php actively publishing CVEs?
php is currently active, based on 30 CVEs in the last two years.
What is the average severity of php's CVEs?
The average CVSS base score across php's scored CVEs is 6.2.
How many critical CVEs has php published?
php has published 9 critical-severity CVEs and 19 high-severity CVEs.
Are any of php's CVEs in CISA's Known Exploited Vulnerabilities catalog?
Yes. 2 of php's CVEs are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, meaning they are confirmed to be exploited in the wild.
What are the most common weakness types in php's CVEs?
php's CVEs most often map to these CWE weakness types: CWE-125 (Out-of-bounds Read), CWE-20 (Improper Input Validation), CWE-476 (NULL Pointer Dereference), CWE-416 (Use After Free).
How does php rank among CNAs?
By total CVE volume, php ranks #135 of 370 CNAs, and it reports more complete CVE records than 54% of all CNAs.
