phpoffice/phpspreadsheet Security Advisories for 1.29.7 (3)
- [HIGH] PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser
  PKSA-64jn-3d9t-gncx CVE-2025-54370 GHSA-rx7m-68vc-ppxh
  Affected version: <1.30.0|>=2.0.0,<2.1.0|>=2.1.0,<2.1.12|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=3.0.0,<3.10.0|>=4.0.0,<5.0.0
  Reported by: GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] PhpSpreadsheet allows bypassing of XSS sanitizer using the javascript protocol and special characters
  PKSA-8b16-mcgz-h4cz CVE-2025-23210 GHSA-r57h-547h-w24f
  Affected version: >=2.0.0,<2.1.8|>=2.2.0,<2.3.7|<1.29.9|>=3.0.0,<3.9.0
  Reported by: GitHub
- [MEDIUM] Cross-Site Scripting (XSS) vulnerability in generateNavigation() function in PhpSpreadsheet
  PKSA-s99r-9yxm-hjvt CVE-2025-22131 GHSA-79xx-vf93-p7cx
  Affected version: >=2.2.0,<2.3.6|>=2.0.0,<2.1.7|<1.29.8|>=3.0.0,<3.8.0
  Reported by: GitHub