Libreoffice

This hub aggregates every CVE we track for Libreoffice, a product in the consumer software space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Libreoffice.

• CVE-2026-4430Heap Buffer Overflow in AgileEngine7.8May 7, 2026
• CVE-2025-14714TCC Bypass via Inherited Permissions in Bundled Interpreter6.5Dec 15, 2025
• CVE-2025-2866PDF signature forgery with adbe.pkcs7.sha1 SubFilter5.5Apr 27, 2025
• CVE-2021-25635Content Manipulation with Certificate Validation Attack5.5Mar 21, 2025
• CVE-2025-1080Macro URL arbitrary script execution7.8Mar 4, 2025
• CVE-2025-0514Executable hyperlink Windows path targets executed unconditionally on activation7.8Feb 25, 2025
• CVE-2024-12426URL fetching can be used to exfiltrate arbitrary INI file values and environment variables6.5Jan 7, 2025
• CVE-2024-12425Path traversal leading to arbitrary .ttf file write3.3Jan 7, 2025
• CVE-2024-7788Signatures in "repair mode" should not be trusted7.8Sep 17, 2024
• CVE-2024-6472Ability to trust not validated macro signatures removed in high security mode7.8Aug 5, 2024
• CVE-2024-5261TLS certificate are not properly verified when utilizing LibreOfficeKit9.8Jun 25, 2024
• CVE-2024-3044Graphic on-click binding allows unchecked script execution6.5May 14, 2024
• CVE-2023-6186Link targets allow arbitrary script execution8.3Dec 11, 2023
• CVE-2023-6185Improper input validation enabling arbitrary Gstreamer pipeline injection8.3Dec 11, 2023
• CVE-2023-1183Arbitrary file write5.0Jul 10, 2023