Open Source Geospatial Foundation (OSGeo)
Latest CVEs
The 15 most recently published vulnerabilities affecting Open Source Geospatial Foundation (OSGeo).
- CVE-2025-21621: GeoServer Reflected Cross-Site Scripting (XSS) vulnerability in WMS GetFeatureInfo HTML format (6.1)
- CVE-2025-58360: GeoServer is vulnerable to an Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature (KEV; 8.2)
- CVE-2025-59431: MapServer - WFS XML Filter Query SQL injection (9.8)
- BDU:2025-06763: Vulnerability in the gt-xsd-core and gt-wfs-ng modules of the GeoTools library that allows an attacker to conduct XXE attacks (9.9)
- CVE-2025-30220: GeoTools, GeoServer, and GeoNetwork XML External Entity (XXE) Processing Vulnerability in XSD schema handling (9.9)
- CVE-2024-40625: GeoServer Coverage REST API Allows Server Side Request Forgery (5.5)
- CVE-2024-38524: GWC Home Page communicate version and revision information (5.3)
- CVE-2024-34711: GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF) (9.3)
- CVE-2024-29198: GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost (7.5)
- BDU:2024-10977: Vulnerability in the OSGeo GeoServer software for administering and publishing geodata on a server, caused by a failure to protect the structure of the web page, that allows an attacker to conduct cross-site scripting (XSS) attacks (6.5)
- CVE-2024-36404: GeoTools Remote Code Execution (RCE) vulnerability in evaluating XPath expressions (9.8)
- CVE-2024-36401: Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver (KEV; 9.8)
- CVE-2024-24749: Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat (7.5)
- CVE-2023-35042: GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the w... (9.8)
- CVE-2023-25157: Unfiltered SQL Injection Vulnerabilities in Geoserver (9.8)