PHP security audit reveals 27 vulnerabilities. Quarkslab nevertheless rates PHP codebase as positive. Update strongly recommended.

The PHP Group released PHP 4.3.1 and PHP 5.0.3 which plug serious security holes in implementations of the popular Web site scripting language, the group said in a statement on it's Web site.

New exploits for a two-year-old PHP vulnerability popped up in October that allow hackers to run code on websites running vulnerable versions of the web development framework.

UPDATE Developers at PHP recently pushed out a series of patches to fix a handful of vulnerabilities, including one that can lead to a heap-based buffer overflow.. Researchers at the Swiss firm ...

Since the Dependency Graph feature is intertwined with the Security Alerts (Vulnerability Alerts) feature, this also means GitHub users will also be eligible to receive automatic security alerts ...

The CVE-2012-2311 vulnerability, also known as CVE-2012-1823, was publicly disclosed last week and prompted the PHP Group to release PHP 5.3.12 and PHP 5.4.2 as emergency security updates in order ...

PHP 7 is affected by an unpatched vulnerability that opens servers running the latest branch of the PHP programming language to attacks.

The vulnerability is identified as CVE-2012-0830 and was discovered by Stefan Esser, an independent security consultant and creator of the popular Suhosin security extension for PHP.

Over nearly a decade, PHP unserialization vulnerabilities have become a popular route for cyber-criminals to plant remote code execution or deliver other malware into systems. But new research ...

NEWS ANALYSIS: High-level vulnerabilities in a pair of open-source tools reveal risks in package management infrastructure.