phpoffice

Top products

The 15 most recently published vulnerabilities affecting phpoffice.

• CVE-2026-40863PhpSpreadsheet: CPU Denial of Service via Unbounded Row Index in SpreadsheetML XML Reader7.5May 12, 2026
• CVE-2026-40902PhpSpreadsheet: CPU Denial of Service via Unbounded Row Number in XLSX Row Dimensions7.5May 12, 2026
• CVE-2026-40296PhpSpreadsheet vulnerable to XSS in HTML writer via custom number format codes5.4May 6, 2026
• CVE-2026-35453PhpSpreadsheet XSS via number format text substitution in HTML Writer5.4May 5, 2026
• CVE-2026-34084PhpSpreadsheet SSRF and RCE via PHP stream wrappers in IOFactory::load9.8May 5, 2026
• CVE-2025-54370PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser7.5Aug 25, 2025
• CVE-2025-48882PHPOffice Math allows XXE when processing an XML file in the MathML format7.5May 30, 2025
• CVE-2025-23210Bypass XSS sanitizer using the javascript protocol and special characters in phpoffice/phpspreadsheet6.4Feb 3, 2025
• CVE-2025-22131Cross-Site Scripting (XSS) vulnerability in generateNavigation() function6.1Jan 20, 2025
• CVE-2024-56412PhpSpreadsheet vulnerable to bypass of the XSS sanitizer using the javascript protocol and special characters5.4Jan 3, 2025
• CVE-2024-56411PhpSpreadsheet has Cross-Site Scripting (XSS) vulnerability of the hyperlink base in the HTML page header5.4Jan 3, 2025
• CVE-2024-56410PhpSpreadsheet has Cross-Site Scripting (XSS) vulnerability in custom properties5.4Jan 3, 2025
• CVE-2024-56409PhpSpreadsheet vulnerable to unauthorized reflected XSS in Currency.php file5.4Jan 3, 2025
• CVE-2024-56366PhpSpreadsheet vulnerable to unauthorized reflected XSS in the Accounting.php file5.4Jan 3, 2025
• CVE-2024-56365PhpSpreadsheet vulnerable to unauthorized reflected XSS in the constructor of the Downloader class5.4Jan 3, 2025