| CVE-2025-58360 |
unknown |
— |
1.5 |
6mo ago |
GeoServer is vulnerable to Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature |
|
| CVE-2024-36401 |
unknown |
— |
1.5 |
2y ago |
Remote Code Execution (RCE) vulnerability in geoserver |
|
| CVE-2025-21621 |
unknown |
— |
— |
6mo ago |
GeoServer has a Reflected Cross-Site Scripting (XSS) vulnerability in its WMS GetFeatureInfo HTML format |
|
| CVE-2025-30145 |
unknown |
— |
— |
1y ago |
GeoServer Infinite Loop Vulnerability in Jiffle process |
|
| CVE-2024-23818 |
unknown |
— |
— |
2y ago |
GeoServer's WMS OpenLayers Format vulnerable to Stored Cross-Site Scripting (XSS) |
|
| CVE-2024-23642 |
unknown |
— |
— |
2y ago |
GeoServer's Simple SVG Renderer vulnerable to Stored Cross-Site Scripting (XSS) |
|
| CVE-2023-41339 |
unknown |
— |
— |
3y ago |
Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF |
|
| CVE-2023-35042 |
unknown |
— |
— |
3y ago |
GeoServer RCE due to improper control of generation of code in jai-ext`Jiffle` map algebra language |
|