Org.geoserver.web:gs-web-app
This hub aggregates every CVE we track for Org.geoserver.web:gs-web-app, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 16
- Critical: 3
- High: 5
- In CISA KEV: 2
Severity distribution
- MEDIUM: 8
- HIGH: 5
- CRITICAL: 3
Monthly trend (chart, 2024-07 to 2026-06)
Latest CVEs
The 15 most recently published vulnerabilities affecting Org.geoserver.web:gs-web-app.
- CVE-2025-58175: GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution (score 6.5)
- CVE-2025-52465: GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page (score 7.2)
- CVE-2025-21621: GeoServer Reflected Cross-Site Scripting (XSS) vulnerability in WMS GetFeatureInfo HTML format (score 6.1)
- CVE-2025-58360: GeoServer is vulnerable to an Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature (score 8.2, KEV)
- CVE-2025-30220: GeoTools, GeoServer, and GeoNetwork XML External Entity (XXE) Processing Vulnerability in XSD schema handling (score 9.9)
- CVE-2025-30145: GeoServer has an Infinite Loop Vulnerability in Jiffle process (score 7.5)
- CVE-2025-27505: GeoServer Missing Authorization on REST API Index (score 5.3)
- CVE-2024-40625: GeoServer Coverage REST API Allows Server Side Request Forgery (score 5.5)
- CVE-2024-38524: GWC Home Page communicate version and revision information (score 5.3)
- CVE-2024-34711: GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF) (score 9.3)
- CVE-2024-35230: Welcome and About GeoServer pages communicate version and revision information (score 5.3)
- CVE-2024-36401: Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver (score 9.8, KEV)
- CVE-2024-34696: GeoServer's Server Status shows sensitive environmental variables and Java properties (score 4.5)
- CVE-2024-24749: Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat (score 7.5)
- CVE-2023-41339: Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF in GeoServer (score 8.6)
Product normalization is registry-driven with AI assist and human review.