Package impact
COMPOSER / phpoffice/phpspreadsheet
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-34084 | critical | 9.8 | 9.8 | 1mo ago | PhpSpreadsheet has SSRF/RCE in IOFactory::load when $filename is user controlled | |||
| CVE-2026-40902 | high | 7.5 | 7.5 | 1mo ago | PhpSpreadsheet has CPU Denial of Service via Unbounded Row Number in XLSX Row Dimensions | |||
| CVE-2026-40863 | high | 7.5 | 7.5 | 1mo ago | PhpSpreadsheet has CPU Denial of Service via Unbounded Row Index in SpreadsheetML XML Reader |