Security: PHPOffice/PhpSpreadsheet
Security
No security policy detected
This project has not set up a SECURITY.md file yet.
Report a vulnerability-
CPU Denial of Service via Unbounded Row Index in SpreadsheetML XML ReaderGHSA-84wq-86v6-x5j6 published
Apr 28, 2026 by oleibmanHigh -
CPU Denial of Service via Unbounded Row Number in XLSX Row DimensionsGHSA-7c6m-4442-2x6m published
Apr 28, 2026 by oleibmanHigh -
XSS via number format code with @ text placeholder bypasses htmlspecialchars in HTML writerGHSA-hrmw-qprp-wgmc published
Apr 26, 2026 by oleibmanModerate -
XSS via NumberFormat @ Text Substitution in HTML WriterGHSA-6wpp-88cp-7q68 published
Apr 26, 2026 by oleibmanModerate -
SSRF/RCE in IOFactory::load when $filename is user controlledGHSA-q4q6-r8wh-5cgh published
Apr 28, 2026 by oleibmanHigh -
Bypass XSS sanitizer using the javascript protocol and special charactersGHSA-r57h-547h-w24f published
Feb 1, 2025 by oleibmanModerate -
SSRF when reading and displaying a processed HTML document in the browserGHSA-rx7m-68vc-ppxh published
Aug 23, 2025 by oleibmanHigh -
Cross-Site Scripting (XSS) vulnerability in generateNavigation() functionGHSA-79xx-vf93-p7cx published
Jan 18, 2025 by oleibmanModerate -
Cross-Site Scripting (XSS) vulnerability in custom propertiesGHSA-wv23-996v-q229 published
Jan 3, 2025 by oleibmanModerate -
Cross-Site Scripting (XSS) vulnerability of the hyperlink base in the HTML page headerGHSA-hwcp-2h35-p66w published
Jan 3, 2025 by oleibmanModerate
Learn more about advisories related to PHPOffice/PhpSpreadsheet in the GitHub Advisory Database