An open index of dependabot pull requests across open source projects.

phpoffice/phpspreadsheet

Ecosystem:
packagist
Package URL:
pkg:composer/phpoffice/phpspreadsheet
Total PRs:
353 Dependabot PRs
Latest PR:
about 1 month ago
Unique Repositories:
198 repositories
Unique Repos (30 days):
1 repository
Security Advisories
XXE in PHPSpreadsheet's XLSX reader
GHSA-6hwr-6v2f-3m88 CVE-2024-45293 HIGH published almost 2 years ago • updated about 5 hours ago
### Summary The security scanner responsible for preventing XXE attacks in the XLSX reader can be bypassed by slightly modifying the XML structure,...
XXE in PHPSpreadsheet due to encoding issue
GHSA-xcrg-29h7-h4cj CVE-2018-19277 HIGH published over 6 years ago • updated about 6 hours ago
securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file
PhpSpreadsheet has SSRF/RCE in IOFactory::load when $filename is user controlled
GHSA-q4q6-r8wh-5cgh CVE-2026-34084 CRITICAL published 2 months ago • updated 3 days ago
The usage of `is_file`, used to verify if the `$filename` is indeed an actual file, by all(?) `Reader` implementations (inside the helper function ...
Cross-Site Scripting (XSS) vulnerability in generateNavigation() function in PhpSpreadsheet
GHSA-79xx-vf93-p7cx CVE-2025-22131 MODERATE published over 1 year ago • updated about 6 hours ago
### Summary The researcher discovered zero-day vulnerability Cross-Site Scripting (XSS) vulnerability in the code which translates the XLSX file in...
PhpSpreadsheet allows bypass XSS sanitizer using the javascript protocol and special characters
GHSA-q9jv-mm3r-j47r CVE-2024-56412 MODERATE published over 1 year ago • updated about 22 hours ago
# Bypass XSS sanitizer using the javascript protocol and special characters **Product**: Phpspreadsheet **Version**: version 3.6.0 **CWE-ID**: CWE...
Recent PRs
Package Details
Name: phpoffice/phpspreadsheet
Ecosystem: packagist
PURL Type: composer
Package URL: pkg:composer/phpoffice/phpspreadsheet
JSON API: View JSON
Security Advisories

28

Active advisories
CRITICAL 2
HIGH 14
MODERATE 12
View All composer Advisories
Package Information
Description:

PHPSpreadsheet - Read, Create and Write Spreadsheet documents in PHP - Spreadsheet engine

Repository: https://github.com/PHPOffice/PhpSpreadsheet
Homepage: https://github.com/PHPOffice/PhpSpreadsheet
Latest Release: 4.3.1
about 1 year ago
Dependent Repos: 20,090
Dependent Packages: 1,063
Downloads: 236,155,896
Ranking: Top 0.0638% by dependent repos Top 0.0389% by downloads Top 0.0406% by dependent pkgs
PR Status
Open 138 (39.1%)
Merged 64 (18.1%)
Closed 129 (36.5%)
PR Types
Major 76 (21.5%)
Minor 192 (54.4%)
Patch 42 (11.9%)