Package impact
COMPOSER / phpoffice/phpspreadsheet
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-34084 | critical | 9.8 | 9.8 | 28d ago | PhpSpreadsheet has SSRF/RCE in IOFactory::load when $filename is user controlled | |
| CVE-2026-40902 | high | 7.5 | 7.5 | 28d ago | PhpSpreadsheet has CPU Denial of Service via Unbounded Row Number in XLSX Row Dimensions | |
| CVE-2026-40863 | high | 7.5 | 7.5 | 28d ago | PhpSpreadsheet has CPU Denial of Service via Unbounded Row Index in SpreadsheetML XML Reader |