To get the vulnerability information of a PHP version, you have to make a call including the major PHP version (or the minor one). The response will include all vulnerabilities for this major version.
https://www.wpvulnerability.net/php/php-major-or-minor-version/
Example: PHP 8.2
PHP JSON response
This will return a JSON with the following format:
{
"error": 0,
"message": null,
"data": {
"name": "PHP 8.x",
"php": "8.x",
"status": "m",
"date_start": "1970-01-01"
"sate_end": "1971-12-31"
"vulnerability": [
{
"name": "PHP 8.x < 8.x.1",
"operator": {
"min_version": null,
"min_operator": null,
"max_version": "8.x.1",
"max_operator": "lt",
"unfixed": "0",
},
"source": [
{
"id": "CVE-0000-00001",
"name": "CVE-0000-00001",
"link": "https://www.cve.org/CVERecord?id=CVE-0000-00001",
"description": "This is an example of a vulnerability description.",
"date": "2003-05-27"
}
]
},
{
"name": "PHP 8.x < 8.x.2",
"operator": {
"min_version": null,
"min_operator": null,
"max_version": "8.x.2",
"max_operator": "le",
"unfixed": "0",
},
"source": [
{
"id": "CVE-0000-00002",
"name": "CVE-0000-00002",
"link": "https://www.cve.org/CVERecord?id=CVE-0000-00002",
"description": "This is an example of a vulnerability description.",
"date": "2003-05-28"
}
]
},
]
},
"updated": 1053993600
}
PHP JSON description
error
: If there is an error, the value will be 1. If there is no error, it will be 0.message
: In case of error, an information message will be displayed.data
: (object) Data information group.data
: PHP version.→
namedata
: PHP major version.→
phpdata
: (values) Information URL.→
statusm
: Maintaineds
: Security supportd
: Deprecated / Unmaintained
data
: Date since the version was launched.→
date_startdata
: Date when the version was deprecated / unmaintained.→
date_enddata
: (array) Each of the plugin’s vulnerabilities.→
vulnerabilitydata
: Vulnerability name.→
vulnerability→
namedata
: (object) Vulnerability version calculation system. It is based on the PHP version_compare function.→
vulnerability→
operatordata
: Minimum version affected.→
vulnerability→
operator→
min_versiondata
: Calculation operator.→
vulnerability→
operator→
min_operatordata
: Maximum version affected.→
vulnerability→
operator→
max_versiondata
: Calculation operator.→
vulnerability→
operator→
max_operatordata
: The vulnerability is unfixed.→
vulnerability→
operator→
unfixed
data
: (array) List of vulnerabilities.→
vulnerability→
sourcedata
: Source unique identifier.→
vulnerability→
source→
iddata
: Source vulnerability information.→
vulnerability→
source→
linkdata
: Source vulnerability description.→
vulnerability→
source→
descriptiondata
: Date of publication of the vulnerability.→
vulnerability→
source→
date
update
: Last information update (UNIXTIME).
Important information
The PHP API has information since PHP 4.0, and also vulnerabilities that may apply to WordPress. This is not a PHP vulnerability database.