Org.geoserver:gs-wms
This hub aggregates every CVE we track for Org.geoserver:gs-wms, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
8
CVEs tracked
2
Critical
3
High
2
In CISA KEV
Severity distribution
HIGH3MEDIUM3CRITICAL2
Monthly trend
1
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
2
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 8 most recently published vulnerabilities affecting Org.geoserver:gs-wms.
- CVE-2025-21621GeoServer Reflected Cross-Site Scripting (XSS) vulnerability in WMS GetFeatureInfo HTML format6.1
- CVE-2025-58360GeoServer is vulnerable to an Unauthenticated XML External Entities (XXE) attack via WMS GetMap featureKEV8.2
- CVE-2025-30145GeoServer has an Infinite Loop Vulnerability in Jiffle process7.5
- CVE-2024-36401Remote Code Execution (RCE) vulnerability in evaluating property name expressions in GeoserverKEV9.8
- CVE-2024-23818GeoServer Stored Cross-Site Scripting (XSS) vulnerability in WMS OpenLayers Format4.8
- CVE-2024-23642GeoServer Stored Cross-Site Scripting (XSS) vulnerability in Simple SVG Renderer4.8
- CVE-2023-41339Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF in GeoServer8.6
- CVE-2023-35042GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the w...9.8
Product normalization is registry-driven with AI assist and human review. How it works