CVE-2025-58360 | unknown | — | 1.5 | 6mo ago | OSGeo GeoServer contains an improper restriction of XML external entity reference vulnerability that occurs when the application accepts XML input through a specific endpoint /geoserver/wms operation… | java
CVE-2024-36401 | unknown | — | 1.5 | 2y ago | OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath expressions. This allows unau… | java
CVE-2025-21621 | unknown | — | — | 6mo ago | GeoServer has a Reflected Cross-Site Scripting (XSS) vulnerability in its WMS GetFeatureInfo HTML format | java
CVE-2025-30220 | unknown | — | — | 1y ago | [XBOW-025-068] XML External Entity (XXE) Processing Vulnerability in GeoServer WFS Service | java
CVE-2025-30145 | unknown | — | — | 1y ago | GeoServer Infinite Loop Vulnerability in Jiffle process | java
CVE-2025-27505 | unknown | — | — | 1y ago | GeoServer Missing Authorization on REST API Index | java
CVE-2024-40625 | unknown | — | — | 1y ago | Coverage REST API Server Side Request Forgery | java
CVE-2024-38524 | unknown | — | — | 1y ago | GWC Home Page communicate version and revision information | java
CVE-2024-34711 | unknown | — | — | 1y ago | GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF) | java
CVE-2024-35230 | unknown | — | — | 2y ago | Welcome and About GeoServer pages communicate version and revision information | java
CVE-2024-24749 | unknown | — | — | 2y ago | Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat | java
CVE-2024-34696 | unknown | — | — | 2y ago | GeoServer's Server Status shows sensitive environmental variables and Java properties | java
CVE-2023-41339 | unknown | — | — | 3y ago | Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF | java