VIR Vulnerability Intelligence Relay

Package impact

php Packagist / phpoffice/phpspreadsheet

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-34084 critical 9.8 9.8 29d ago PhpSpreadsheet has SSRF/RCE in IOFactory::load when $filename is user controlled
CVE-2026-40902 high 7.5 7.5 29d ago PhpSpreadsheet has CPU Denial of Service via Unbounded Row Number in XLSX Row Dimensions
CVE-2026-40863 high 7.5 7.5 29d ago PhpSpreadsheet has CPU Denial of Service via Unbounded Row Index in SpreadsheetML XML Reader
CVE-2026-40296 medium 5.4 5.4 1mo ago PhpSpreadsheet has XSS via number format code with @ text placeholder bypasses htmlspecialchars in HTML writer
CVE-2026-35453 medium 5.4 5.4 1mo ago PhpSpreadsheet has XSS via NumberFormat @ Text Substitution in HTML Writer