Phpoffice Phpspreadsheet
24 CVEs affecting Phpoffice Phpspreadsheet. Latest disclosed: 2026-05-12. Critical: 1, High: 8.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-34084 | Critical | 9.8 | 2026-05-05 | PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.2 and earlier, 2.0.0 through 2.1.14, 2.2.0 through 2.4.3, 3.3.0 through… |
CVE-2024-45048 | High | 8.8 | 2024-08-28 | PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Affected versions are subject to a bypassing of a filter which allows for an XX… |
CVE-2024-45290 | High | 7.7 | 2024-10-07 | PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file which links media from… |
CVE-2026-40902 | High | 7.5 | 2026-05-12 | PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0, the XLSX reader's ColumnAndR… |
CVE-2026-40863 | High | 7.5 | 2026-05-12 | PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0, the SpreadsheetML XML reader… |
CVE-2024-48917 | High | 7.5 | 2024-11-18 | PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The `XmlScanner` class has a scan method which should prevent XXE attacks. However… |
CVE-2024-47873 | High | 7.5 | 2024-11-18 | PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, pr… |
CVE-2024-45293 | High | 7.5 | 2024-10-07 | PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The security scanner responsible for preventing XXE attacks in the XLSX reader… |
CVE-2024-45060 | High | 7.1 | 2024-10-07 | PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. One of the sample scripts in PhpSpreadsheet is susceptible to a cross-site scri… |
CVE-2024-45291 | Medium | 6.3 | 2024-10-07 | PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file that links images from… |
CVE-2026-40296 | Medium | 5.4 | 2026-05-06 | PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The HTML writer skips htmlspecialchars escaping when a cell's formatted value d… |
CVE-2026-35453 | Medium | 5.4 | 2026-05-05 | PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.3 and earlier, 2.0.0 through 2.1.15, 2.2.0 through 2.4.4, 3.3.0 through… |
CVE-2024-45292 | Medium | 5.4 | 2024-10-07 | PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. `\PhpOffice\PhpSpreadsheet\Writer\Html` does not sanitize "javascript:" URLs fr… |
CVE-2024-45046 | Medium | 5.4 | 2024-08-28 | PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. In affected versions `\PhpOffice\PhpSpreadsheet\Writer\Html` doesn't sanitize s… |
CVE-2025-54370 | | 2025-08-25 | PhpOffice/PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0, SSRF can… | |
CVE-2025-23210 | | 2025-02-03 | phpoffice/phpspreadsheet is a pure PHP library for reading and writing spreadsheet files. Affected versions have been found to have a Bypass of the Cross-site… | |
CVE-2025-22131 | | 2025-01-20 | PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Cross-Site Scripting (XSS) vulnerability in the code which translates the XLSX file… | |
CVE-2024-56412 | | 2025-01-03 | PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to bypass of the cr… | |
CVE-2024-56411 | | 2025-01-03 | PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have a cross-site scripting (XSS)… | |
CVE-2024-56410 | | 2025-01-03 | PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have a cross-site scripting (XSS)… |