Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

The Document Foundation — Vulnerabilities & Security Advisories 26

Browse all 26 CVE security advisories affecting The Document Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products The Document Foundation:LibreOffice
CVE IDTitleCVSSSeverityPaused
CVE-2025-14714 TCC Bypass via Inherited Permissions in Bundled Interpreter — LibreOfficeCWE-288 9.8AICriticalAI2025-12-15
CVE-2025-2866 PDF signature forgery with adbe.pkcs7.sha1 SubFilter — LibreOfficeCWE-347 6.5 -2025-04-27
CVE-2021-25635 Content Manipulation with Certificate Validation Attack — LibreOfficeCWE-295 7.5 -2025-03-21
CVE-2025-1080 Macro URL arbitrary script execution — LibreOfficeCWE-20 8.8 -2025-03-04
CVE-2025-0514 Executable hyperlink Windows path targets executed unconditionally on activation — LibreOfficeCWE-20 6.5 -2025-02-25
CVE-2024-12426 URL fetching can be used to exfiltrate arbitrary INI file values and environment variables — LibreOfficeCWE-200 6.5 -2025-01-07
CVE-2024-12425 Path traversal leading to arbitrary .ttf file write — LibreOfficeCWE-22 6.2 -2025-01-07
CVE-2024-7788 Signatures in "repair mode" should not be trusted — LibreOfficeCWE-347 7.8 High2024-09-17
CVE-2024-6472 Ability to trust not validated macro signatures removed in high security mode — LibreOfficeCWE-295 7.8 High2024-08-05
CVE-2024-5261 TLS certificate are not properly verified when utilizing LibreOfficeKit — LibreOfficeCWE-295 9.1AICriticalAI2024-06-25
CVE-2024-3044 Graphic on-click binding allows unchecked script execution — LibreOfficeCWE-356 7.1 -2024-05-14
CVE-2023-6186 Link targets allow arbitrary script execution — LibreOffice 8.3 High2023-12-11
CVE-2023-6185 Improper input validation enabling arbitrary Gstreamer pipeline injection — LibreOffice 8.3 High2023-12-11
CVE-2023-0950 Array Index UnderFlow in Calc Formula Parsing — LibreOfficeCWE-129 8.8 -2023-05-25
CVE-2023-2255 Remote documents loaded without prompt via IFrame — LibreOfficeCWE-264 5.3 -2023-05-25
CVE-2022-3140 Macro URL arbitrary script execution — LibreOfficeCWE-20 7.6 -2022-10-11
CVE-2022-26307 Weak Master Keys — LibreOfficeCWE-326 8.8 -2022-07-25
CVE-2022-26306 Execution of Untrusted Macros Due to Improper Certificate Validation — LibreOfficeCWE-326 9.1 -2022-07-25
CVE-2022-26305 Execution of Untrusted Macros Due to Improper Certificate Validation — LibreOfficeCWE-295 7.5 -2022-07-25
CVE-2021-25636 Incorrect trust validation of signature with ambiguous KeyInfo children — LibreOfficeCWE-347 7.5 -2022-02-22
CVE-2021-25634 Timestamp Manipulation with Signature Wrapping — LibreOfficeCWE-295 7.5 -2021-10-12
CVE-2021-25633 Content Manipulation with Double Certificate Attack — LibreOfficeCWE-295 7.5 -2021-10-11
CVE-2021-25631 denylist of executable filename extensions possible to bypass under windows — LibreOfficeCWE-184 8.8 -2021-05-03
CVE-2020-12803 XForms submissions could overwrite local files — LibreOffice 6.5 -2020-06-08
CVE-2020-12802 remote graphics contained in docx format retrieved in 'stealth mode' — LibreOfficeCWE-200 5.3 -2020-06-08
CVE-2020-12801 Crash-recovered MSOffice encrypted documents defaulted to not to using encryption on next save — LibreOfficeCWE-311 8.2 -2020-05-18

This page lists every published CVE security advisory associated with The Document Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.