pkg:Packagist/phpoffice/phpexcel

23 total CVEsHIGH11MEDIUM10

✅ Check your installed version

All known vulnerabilities

  • HIGH8.8CVE-2024-45048XXE in PHPSpreadsheet encoding is returned
    from 0, <= 1.8.2
  • HIGH8.8CVE-2019-12331XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue
    from 0, <= 1.8.2
  • HIGH8.8CVE-2018-19277XXE in PHPSpreadsheet due to encoding issue
    from 0, < 1.8.2
  • HIGH7.7CVE-2024-45290PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery when opening XLSX file
    from 0, <= 1.8.2
  • HIGH7.5CVE-2024-48917XXE in PHPSpreadsheet's XLSX reader
    from 0, <= 1.8.2
  • HIGH7.5CVE-2024-47873XmlScanner bypass leads to XXE
    from 0, <= 1.8.2
  • HIGH7.5CVE-2024-45293XXE in PHPSpreadsheet's XLSX reader
    from 0, <= 1.8.2
  • HIGH7.1CVE-2024-56409PhpSpreadsheet allows unauthorized Reflected XSS in Currency.php file
    from 0, <= 1.8.2
  • HIGH7.1CVE-2024-56366PhpSpreadsheet allows unauthorized Reflected XSS in the Accounting.php file
    from 0, <= 1.8.2
  • HIGH7.1CVE-2024-56365PhpSpreadsheet allows unauthorized Reflected XSS in the constructor of the Downloader class
    from 0, <= 1.8.2
  • HIGH7.1CVE-2024-56408PhpSpreadsheet allows unauthorized Reflected XSS in `Convert-Online.php` file
    from 0, <= 1.8.2
  • MEDIUM6.4CVE-2020-7776Cross-site scripting in phpoffice/phpspreadsheet
    from 0, <= 1.8.2
  • MEDIUM6.3CVE-2024-45291PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled
    from 0, <= 1.8.2
  • MEDIUM6.1CVE-2025-22131Cross-Site Scripting (XSS) vulnerability in generateNavigation() function in PhpSpreadsheet
    from 0, <= 1.8.2
  • MEDIUM6.1CVE-2024-45060PhpSpreadsheet has an Unauthenticated Cross-Site-Scripting (XSS) in sample file
    from 0, <= 1.8.2
  • MEDIUM5.4CVE-2025-23210PhpSpreadsheet allows bypassing of XSS sanitizer using the javascript protocol and special characters
    from 0, <= 1.8.2
  • MEDIUM5.4CVE-2024-56412PhpSpreadsheet allows bypass XSS sanitizer using the javascript protocol and special characters
    from 0, <= 1.8.2
  • MEDIUM5.4CVE-2024-56411PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability of the hyperlink base in the HTML page header
    from 0, <= 1.8.2
  • MEDIUM5.4CVE-2024-56410PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability in custom properties
    from 0, <= 1.8.2
  • MEDIUM5.4CVE-2024-45292PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via JavaScript hyperlinks
    from 0, <= 1.8.2
  • MEDIUM5.4CVE-2024-45046PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via style information
    from 0, <= 1.8.2
  • CVE-2015-3542PHPExcel XXE Vulnerability
    from 0, < 1.8.1
  • CVE-2014-2054PHPExcel vulnerable to XXE attacks through libxml
    from 0, < 1.8.0