Office Online Server Microsoft Office Online Server

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft Office Online Server.

Recent Microsoft Office Online Server Security Advisories

Advisory Title Published
CVE-2021-34451 Microsoft Office Online Server Spoofing Vulnerability July 13, 2021

By the Year

In 2025 there have been 15 vulnerabilities in Microsoft Office Online Server with an average score of 7.8 out of ten. Last year, in 2024 Office Online Server had 3 security vulnerabilities published. That is, 12 more vulnerabilities have already been reported in 2025 as compared to last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.04.




Year Vulnerabilities Average Score
2025 15 7.84
2024 3 7.80
2023 11 7.45
2022 13 6.89
2021 30 7.41
2020 29 7.31
2019 10 7.29
2018 6 6.82

It may take a day or so for new Office Online Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Office Online Server Security Vulnerabilities

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel

CVE-2025-30383 7.8 - High - May 13, 2025

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Object Type Confusion

Heap-based buffer overflow in Microsoft Office Excel

CVE-2025-30376 7.8 - High - May 13, 2025

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Memory Corruption

Use after free in Microsoft Office

CVE-2025-30377 7.8 - High - May 13, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Release of invalid pointer or reference in Microsoft Office Excel

CVE-2025-30379 7.8 - High - May 13, 2025

Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Release of Invalid Pointer or Reference

Out-of-bounds read in Microsoft Office Excel

CVE-2025-30381 7.8 - High - May 13, 2025

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Out-of-bounds Read

Use after free in Microsoft Office Excel

CVE-2025-29977 7.8 - High - May 13, 2025

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dangling pointer

Heap-based buffer overflow in Microsoft Office Excel

CVE-2025-29979 7.8 - High - May 13, 2025

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Memory Corruption

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel

CVE-2025-30375 7.8 - High - May 13, 2025

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Object Type Confusion

Microsoft Excel Remote Code Execution Vulnerability

CVE-2025-21381 7.8 - High - February 11, 2025

Microsoft Excel Remote Code Execution Vulnerability

Untrusted Pointer Dereference

Microsoft Excel Remote Code Execution Vulnerability

CVE-2025-21386 7.8 - High - February 11, 2025

Microsoft Excel Remote Code Execution Vulnerability

Dangling pointer

Microsoft Excel Remote Code Execution Vulnerability

CVE-2025-21390 7.8 - High - February 11, 2025

Microsoft Excel Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Microsoft Excel Remote Code Execution Vulnerability

CVE-2025-21394 7.8 - High - February 11, 2025

Microsoft Excel Remote Code Execution Vulnerability

Dangling pointer

Microsoft Excel Remote Code Execution Vulnerability

CVE-2025-21387 7.8 - High - February 11, 2025

Microsoft Excel Remote Code Execution Vulnerability

Dangling pointer

Microsoft Excel Remote Code Execution Vulnerability

CVE-2025-21354 7.8 - High - January 14, 2025

Microsoft Excel Remote Code Execution Vulnerability

Untrusted Pointer Dereference

Microsoft Excel Remote Code Execution Vulnerability

CVE-2025-21362 8.4 - High - January 14, 2025

Microsoft Excel Remote Code Execution Vulnerability

Dangling pointer

Microsoft Excel Remote Code Execution Vulnerability

CVE-2024-49026 7.8 - High - November 12, 2024

Microsoft Excel Remote Code Execution Vulnerability

Command Injection

Microsoft Excel Elevation of Privilege Vulnerability

CVE-2024-43465 7.8 - High - September 10, 2024

Microsoft Excel Elevation of Privilege Vulnerability

Dangling pointer

Microsoft Excel Remote Code Execution Vulnerability

CVE-2024-30042 7.8 - High - May 14, 2024

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Information Disclosure Vulnerability

CVE-2023-36766 5.5 - Medium - September 12, 2023

Microsoft Excel Information Disclosure Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2023-36896 7.8 - High - August 08, 2023

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Office Remote Code Execution Vulnerability

CVE-2023-35371 7.8 - High - August 08, 2023

Microsoft Office Remote Code Execution Vulnerability

Microsoft Excel Information Disclosure Vulnerability

CVE-2023-33162 5.5 - Medium - July 11, 2023

Microsoft Excel Information Disclosure Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2023-32029 7.8 - High - June 14, 2023

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2023-33133 7.8 - High - June 14, 2023

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2023-33137 7.8 - High - June 14, 2023

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2023-24953 7.8 - High - May 09, 2023

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Denial of Service Vulnerability

CVE-2023-23396 6.5 - Medium - March 14, 2023

Microsoft Excel Denial of Service Vulnerability

Resource Exhaustion

Microsoft Excel Remote Code Execution Vulnerability

CVE-2023-23399 7.8 - High - March 14, 2023

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Word Remote Code Execution Vulnerability

CVE-2023-21716 9.8 - Critical - February 14, 2023

Microsoft Word Remote Code Execution Vulnerability

Microsoft Word Information Disclosure Vulnerability

CVE-2022-41060 5.5 - Medium - November 09, 2022

Microsoft Word Information Disclosure Vulnerability

Microsoft Word Remote Code Execution Vulnerability

CVE-2022-41061 7.8 - High - November 09, 2022

Microsoft Word Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2022-41063 7.8 - High - November 09, 2022

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Word Information Disclosure Vulnerability

CVE-2022-41103 5.5 - Medium - November 09, 2022

Microsoft Word Information Disclosure Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2022-41106 8.8 - High - November 09, 2022

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2022-33648 7.8 - High - August 09, 2022

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Office Information Disclosure Vulnerability

CVE-2022-30159 5.5 - Medium - June 15, 2022

Microsoft Office Information Disclosure Vulnerability

Microsoft Office Information Disclosure Vulnerability

CVE-2022-30171 5.5 - Medium - June 15, 2022

Microsoft Office Information Disclosure Vulnerability

Microsoft Office Information Disclosure Vulnerability

CVE-2022-30172 5.5 - Medium - June 15, 2022

Microsoft Office Information Disclosure Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2022-29109 7.8 - High - May 10, 2022

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2022-26901 7.8 - High - April 15, 2022

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Information Disclosure Vulnerability

CVE-2022-22716 5.5 - Medium - February 09, 2022

Microsoft Excel Information Disclosure Vulnerability

Buffer Overflow

Microsoft Office Remote Code Execution Vulnerability

CVE-2022-21840 8.8 - High - January 11, 2022

Microsoft Office Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-43256 7.8 - High - December 15, 2021

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-40442 7.8 - High - November 10, 2021

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-40474 7.8 - High - October 13, 2021

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Word Remote Code Execution Vulnerability

CVE-2021-40486 7.8 - High - October 13, 2021

Microsoft Word Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-40485 7.8 - High - October 13, 2021

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Information Disclosure Vulnerability

CVE-2021-40472 5.5 - Medium - October 13, 2021

Microsoft Excel Information Disclosure Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-38655 7.8 - High - September 15, 2021

Microsoft Excel Remote Code Execution Vulnerability

Dangling pointer

Microsoft Office Online Server Spoofing Vulnerability

CVE-2021-34451 5.3 - Medium - July 16, 2021

Microsoft Office Online Server Spoofing Vulnerability

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Office Online Server or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

subscribe