| CVE-2025-58360 | unknown | — | 2.5 | | | | 6mo ago | OSGeo GeoServer contains an improper restriction of XML external entity reference vulnerability that occurs when the application accepts XML input through a specific endpoint /geoserver/wms operation… |
| CVE-2024-36401 | unknown | — | 2.5 | | | | 2y ago | OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath expressions. This allows unau… |
| CVE-2025-21621 | unknown | — | — | | | | 6mo ago | GeoServer has a Reflected Cross-Site Scripting (XSS) vulnerability in its WMS GetFeatureInfo HTML format |
| CVE-2025-30220 | unknown | — | — | | | | 1y ago | [XBOW-025-068] XML External Entity (XXE) Processing Vulnerability in GeoServer WFS Service |
| CVE-2025-30145 | unknown | — | — | | | | 1y ago | GeoServer Infinite Loop Vulnerability in Jiffle process |
| CVE-2025-27505 | unknown | — | — | | | | 1y ago | GeoServer Missing Authorization on REST API Index |
| CVE-2024-40625 | unknown | — | — | | | | 1y ago | Coverage REST API Server Side Request Forgery |
| CVE-2024-38524 | unknown | — | — | | | | 1y ago | GWC Home Page communicate version and revision information |
| CVE-2024-34711 | unknown | — | — | | | | 1y ago | GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF) |
| CVE-2024-35230 | unknown | — | — | | | | 2y ago | Welcome and About GeoServer pages communicate version and revision information |
| CVE-2024-24749 | unknown | — | — | | | | 2y ago | Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat |
| CVE-2024-34696 | unknown | — | — | | | | 2y ago | GeoServer's Server Status shows sensitive environmental variables and Java properties |
| CVE-2023-41339 | unknown | — | — | | | | 3y ago | Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF |