Overview · PHPOffice/PhpSpreadsheet · GitHub

Security

No security policy detected

This project has not set up a SECURITY.md file yet.

Report a vulnerability

Bypass XSS sanitizer using the javascript protocol and special characters
GHSA-q9jv-mm3r-j47r published Jan 3, 2025 by oleibman

Moderate
Unauthorized Reflected XSS in Currency.php file
GHSA-j2xg-cjcx-4677 published Jan 3, 2025 by oleibman

High
Unauthorized Reflected XSS in the Accounting.php file
GHSA-c6fv-7vh8-2rhr published Jan 3, 2025 by oleibman

High
Unauthorized Reflected XSS in `Convert-Online.php` file
GHSA-x88g-h956-m5xg published Jan 3, 2025 by oleibman

High
Unauthorized Reflected XSS in the constructor of the Downloader class
GHSA-jmpx-686v-c3wx published Jan 3, 2025 by oleibman

High
XXE in PHPSpreadsheet's XLSX reader
GHSA-7cc9-j4mv-vcjp published Nov 16, 2024 by oleibman

High
XmlScanner bypass leads to XXE
GHSA-jw4x-v69f-hh5w published Nov 16, 2024 by oleibman

High
XXE in PHPSpreadsheet's XLSX reader
GHSA-6hwr-6v2f-3m88 published Oct 7, 2024 by oleibman

High
Absolute path traversal and Server-Side Request Forgery when opening XLSX file
GHSA-5gpr-w2p5-6m37 published Oct 7, 2024 by oleibman

High
Absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled
GHSA-w9xv-qf98-ccq4 published Oct 7, 2024 by oleibman

Moderate

Learn more about advisories related to PHPOffice/PhpSpreadsheet in the GitHub Advisory Database