Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package xlsx, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2023-30533 — CVSS 7.8 (high): SheetJS Community Edition before 0.19.3 allows Prototype Pollution via a crafted file. In other words. 0.19.2 and earlier are affected…
CVE-2024-22363 — CVSS 7.5 (high): SheetJS Community Edition before 0.20.2 is vulnerable.to Regular Expression Denial of Service (ReDoS).
CVE-2021-32012 — CVSS 5.5 (medium): SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (memory consumption) via a crafted .xlsx document that…
CVE-2021-32013 — CVSS 5.5 (medium): SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (memory consumption) via a crafted .xlsx document that…
CVE-2021-32014 — CVSS 5.5 (medium): SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (CPU consumption) via a crafted .xlsx document that is…