Skip to content

RadicalNotion.AI

We do not sell or share your personal information

© 2026 RadicalNotion.AI

Security Data

CWE Directory
CAPEC Directory
CNA Directory
CNA Report Cards
Data Sources

Calculators

CVSS Calculator
CVSS 4.0
CVSS 3.1
CVSS 3.0
CVSS 2.0

Platform

My Vulnerabilities
Insights
Notifications
Account
Pricing

Learn

All guides
What is a CVE?
What is CVSS?
The CISA KEV catalog
What is EPSS?

Company

About us
Blog
Book a demo

Get Started

Sign up
Log in

Legal

Privacy
Terms

Security data

Weaknesses (CWE)The MITRE CWE weakness catalog
Attack Patterns (CAPEC)MITRE CAPEC attack patterns
CNAsNumbering authorities + report cards
VendorsVulnerabilities by vendor

Tools

CVSS CalculatorScore CVSS 4.0, 3.1, 3.0 & 2.0

Resources

LearnPlain-English security guides
Data SourcesHow we source CVE data

About Us Blog Pricing Book a Demo

Log in

Home
Vendors
The Document Foundation
Libreoffice

The Document Foundation LibreOffice Vulnerabilities: CVEs, CISA KEV & Security Advisories

The Document Foundation

27 CVEs

The Document Foundation LibreOffice Vulnerabilities

CVE security advisories and vulnerability history for LibreOffice by The Document Foundation.

27

Total CVEs

Published

0

In CISA KEV

Exploited in the wild

0

Public exploits

With known exploit

6.3

Avg CVSS

2020–2026

Last updated May 7, 2026

Overview

The Document Foundation LibreOffice has 27 published CVE records since 2020, of which 0 are in CISA's Known Exploited Vulnerabilities catalog and 0 have a known public exploit. The average CVSS base score across scored CVEs is 6.3.

This page aggregates every publicly disclosed vulnerability (CVE) affecting The Document Foundation LibreOffice, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list. Affected platforms include MacOS, Windows.

Severity and exploitation

How the CVSS severity of The Document Foundation LibreOffice's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical1

High7

Medium4

Low3

12 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

0

None of The Document Foundation LibreOffice's CVEs are currently listed in CISA's KEV catalog.

Public exploits

0

No The Document Foundation LibreOffice CVEs currently have a tracked public exploit.

Affected versions and CVEs

Browse every The Document Foundation LibreOffice version named in a CVE, then pick one to see only the CVEs that affect it.

Fixed in

Find a version

27 CVEs

Sort

Heap Buffer Overflow in AgileEngine
CVE-2026-4430
Patch
CWE-787
Medium · CVSS 5.4
EPSS 0.0% (4th pct)2026-05-07
TCC Bypass via Inherited Permissions in Bundled Interpreter
CVE-2025-14714
Patch
CWE-288
Low · CVSS 0.9
EPSS 0.0% (8th pct)2025-12-15
PDF signature forgery with adbe.pkcs7.sha1 SubFilter
CVE-2025-2866
Patch
CWE-347
Low · CVSS 2.4
EPSS 0.1% (26th pct)2025-04-27
Medium vulnerability · 2025-03-21
CVE-2021-25635
Patch
CWE-295
Medium · CVSS 5.2
EPSS 0.0% (14th pct)2025-03-21
Macro URL arbitrary script execution
CVE-2025-1080
Patch
CWE-20
High · CVSS 7.2
EPSS 0.1% (30th pct)2025-03-04
Executable hyperlink Windows path targets executed unconditionally on activation
CVE-2025-0514
Patch
CWE-20
High · CVSS 7.2
EPSS 0.2% (42th pct)2025-02-25
URL fetching can be used to exfiltrate arbitrary INI file values and environment variables
CVE-2024-12426
Patch
CWE-200
Medium · CVSS 6.7
EPSS 0.7% (72th pct)2025-01-07
Path traversal leading to arbitrary .ttf file write
CVE-2024-12425
Patch
CWE-22
Low · CVSS 2.4
EPSS 0.4% (60th pct)2025-01-07
High vulnerability · 2024-09-17
CVE-2024-7788
Patch
CWE-347
High · CVSS 7.8
EPSS 0.1% (19th pct)2024-09-17
High vulnerability · 2024-08-05
CVE-2024-6472
Patch
CWE-295
High · CVSS 7.8
EPSS 0.1% (23th pct)2024-08-05
Critical vulnerability · 2024-06-25
CVE-2024-5261
Patch
CWE-295
Critical · CVSS 10.0
EPSS 0.5% (68th pct)2024-06-25
Medium vulnerability · 2024-05-14
CVE-2024-3044
Patch
CWE-356
Medium · CVSS 6.5
EPSS 2.4% (85th pct)2024-05-14
High vulnerability · 2023-12-11
CVE-2023-6186
Patch
High · CVSS 8.3
EPSS 1.0% (77th pct)2023-12-11
High vulnerability · 2023-12-11
CVE-2023-6185
Patch
High · CVSS 8.3
EPSS 1.4% (81th pct)2023-12-11
Vulnerability · 2023-05-25
CVE-2023-2255
Patch
CWE-264
Unscored
EPSS 43.6% (98th pct)2023-05-25
High vulnerability · 2023-05-25
CVE-2023-0950
Patch
CWE-129
High · CVSS 7.8
EPSS 0.1% (20th pct)2023-05-25
Vulnerability · 2022-10-11
CVE-2022-3140
Patch
CWE-20
Unscored
EPSS 1.3% (80th pct)2022-10-11
Vulnerability · 2022-07-25
CVE-2022-26307
Patch
CWE-326
Unscored
EPSS 0.3% (53th pct)2022-07-25
Vulnerability · 2022-07-25
CVE-2022-26306
Patch
CWE-326
Unscored
EPSS 0.4% (64th pct)2022-07-25
Vulnerability · 2022-07-25
CVE-2022-26305
Patch
CWE-295
Unscored
EPSS 0.7% (73th pct)2022-07-25
Vulnerability · 2022-02-22
CVE-2021-25636
Patch
CWE-347
Unscored
EPSS 0.2% (45th pct)2022-02-22
Vulnerability · 2021-10-12
CVE-2021-25634
Patch
CWE-295
Unscored
EPSS 0.3% (53th pct)2021-10-12
Vulnerability · 2021-10-11
CVE-2021-25633
Patch
CWE-295
Unscored
EPSS 0.4% (60th pct)2021-10-11
Vulnerability · 2021-05-03
CVE-2021-25631
Patch
CWE-184
Unscored
EPSS 1.3% (80th pct)2021-05-03
Vulnerability · 2020-06-08
CVE-2020-12803
Patch
Unscored
EPSS 0.5% (64th pct)2020-06-08
remote graphics contained in docx format retrieved in 'stealth mode'
CVE-2020-12802
Patch
CWE-200
Unscored
EPSS 0.4% (61th pct)2020-06-08
Vulnerability · 2020-05-18
CVE-2020-12801
Patch
CWE-311
Unscored
EPSS 0.2% (40th pct)2020-05-18

Common weakness types

The CWE weakness categories most often found in The Document Foundation LibreOffice CVEs. Follow any weakness for its full explanation.

CWE-295Improper Certificate Validation6 CVEs
CWE-347Improper Verification of Cryptographic Signature3 CVEs
CWE-20Improper Input Validation3 CVEs
CWE-200Exposure of Sensitive Information to an Unauthorized Actor2 CVEs
CWE-326Inadequate Encryption Strength2 CVEs
CWE-311Missing Encryption of Sensitive Data1 CVE
CWE-356Product UI does not Warn User of Unsafe Actions1 CVE
CWE-129Improper Validation of Array Index1 CVE

Disclosure activity by year

How many The Document Foundation LibreOffice CVEs were published each year.

2020

3

2021

3

2022

5

2023

4

2024

4

2025

7

2026

1

Other The Document Foundation products

Browse vulnerabilities for other products by The Document Foundation.

LibreOffice Online1 CVEs

All The Document Foundation vulnerabilities

Frequently asked questions

Common questions about The Document Foundation LibreOffice vulnerabilities.

How many CVEs does The Document Foundation LibreOffice have?

The Document Foundation LibreOffice has 27 published CVE records since 2020.

How many The Document Foundation LibreOffice CVEs are in CISA KEV?

None of The Document Foundation LibreOffice's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.

Are there public exploits for The Document Foundation LibreOffice vulnerabilities?

No The Document Foundation LibreOffice CVEs currently have a tracked public exploit in this dataset.

Which versions of The Document Foundation LibreOffice are affected?

33 distinct The Document Foundation LibreOffice versions are named across its CVEs. Use the version filter above to see the CVEs affecting a specific version.

What are the most common weakness types in The Document Foundation LibreOffice CVEs?

The Document Foundation LibreOffice's CVEs most often map to these CWE weakness types: CWE-295 (Improper Certificate Validation), CWE-347 (Improper Verification of Cryptographic Signature), CWE-20 (Improper Input Validation), CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor).

How many critical The Document Foundation LibreOffice vulnerabilities are there?

The Document Foundation LibreOffice has 1 critical and 7 high-severity CVEs.

What is the average severity of The Document Foundation LibreOffice CVEs?

The average CVSS base score across The Document Foundation LibreOffice's scored CVEs is 6.3.

References

All The Document Foundation vulnerabilities
The MITRE CVE Program (opens in a new tab)
Learn: What is a CVE?
CWE directory: the weakness types these CVEs map to

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track The Document Foundation LibreOffice vulnerabilities

Monitor new The Document Foundation LibreOffice vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing

On this page

Overview
Severity and exploitation
Affected versions and CVEs
Common weakness types
Disclosure activity
Other products
FAQ
References