geoserver

Top products

The 15 most recently published vulnerabilities affecting geoserver.

• CVE-2025-58175GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution6.5Jun 18, 2026
• CVE-2025-52465GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page7.2Jun 18, 2026
• CVE-2025-27511GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection7.2Jun 18, 2026
• CVE-2025-21621GeoServer Reflected Cross-Site Scripting (XSS) vulnerability in WMS GetFeatureInfo HTML format6.1Nov 25, 2025
• CVE-2025-58360GeoServer is vulnerable to an Unauthenticated XML External Entities (XXE) attack via WMS GetMap featureKEV8.2Nov 25, 2025
• CVE-2025-30220GeoTools, GeoServer, and GeoNetwork XML External Entity (XXE) Processing Vulnerability in XSD schema handling9.9Jun 10, 2025
• CVE-2025-30145GeoServer has an Infinite Loop Vulnerability in Jiffle process7.5Jun 10, 2025
• CVE-2025-27505GeoServer Missing Authorization on REST API Index5.3Jun 10, 2025
• CVE-2024-40625GeoServer Coverage REST API Allows Server Side Request Forgery5.5Jun 10, 2025
• CVE-2024-38524GWC Home Page communicate version and revision information5.3Jun 10, 2025
• CVE-2024-34711GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF)9.3Jun 10, 2025
• CVE-2024-29198GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost7.5Jun 10, 2025
• CVE-2024-35230Welcome and About GeoServer pages communicate version and revision information5.3Dec 16, 2024
• CVE-2024-36401Remote Code Execution (RCE) vulnerability in evaluating property name expressions in GeoserverKEV9.8Jul 1, 2024
• CVE-2024-34696 GeoServer's Server Status shows sensitive environmental variables and Java properties4.5Jul 1, 2024