| CVE-2025-58360 | unknown | — | 2.5 | | | | 6mo ago | OSGeo GeoServer contains an improper restriction of XML external entity reference vulnerability that occurs when the application accepts XML input through a specific endpoint /geoserver/wms operation… |
| CVE-2024-36401 | unknown | — | 2.5 | | | | 2y ago | OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath expressions. This allows unau… |
| CVE-2025-21621 | unknown | — | — | | | | 6mo ago | GeoServer has a Reflected Cross-Site Scripting (XSS) vulnerability in its WMS GetFeatureInfo HTML format |
| CVE-2025-30145 | unknown | — | — | | | | 1y ago | GeoServer Infinite Loop Vulnerability in Jiffle process |
| CVE-2024-23818 | unknown | — | — | | | | 2y ago | GeoServer's WMS OpenLayers Format vulnerable to Stored Cross-Site Scripting (XSS) |
| CVE-2024-23642 | unknown | — | — | | | | 2y ago | GeoServer's Simple SVG Renderer vulnerable to Stored Cross-Site Scripting (XSS) |
| CVE-2023-41339 | unknown | — | — | | | | 3y ago | Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF |
| CVE-2023-35042 | unknown | — | — | | | | 3y ago | GeoServer RCE due to improper control of generation of code in jai-ext `Jiffle` map algebra language |