Package impact

Maven / org.geoserver.web:gs-web-app

CVE	Severity	CVSS	Risk	Published	Description
CVE-2025-58360	unknown	—	1.5	6mo ago	GeoServer is vulnerable to Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature
CVE-2024-36401	unknown	—	1.5	2y ago	Remote Code Execution (RCE) vulnerability in geoserver
CVE-2025-21621	unknown	—	—	6mo ago	GeoServer has a Reflected Cross-Site Scripting (XSS) vulnerability in its WMS GetFeatureInfo HTML format
CVE-2025-30220	unknown	—	—	1y ago	[XBOW-025-068] XML External Entity (XXE) Processing Vulnerability in GeoServer WFS Service
CVE-2025-30145	unknown	—	—	1y ago	GeoServer Infinite Loop Vulnerability in Jiffle process
CVE-2025-27505	unknown	—	—	1y ago	GeoServer Missing Authorization on REST API Index
CVE-2024-40625	unknown	—	—	1y ago	Coverage REST API Server Side Request Forgery
CVE-2024-38524	unknown	—	—	1y ago	GWC Home Page communicate version and revision information
CVE-2024-34711	unknown	—	—	1y ago	GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF)
CVE-2024-35230	unknown	—	—	2y ago	Welcome and About GeoServer pages communicate version and revision information
CVE-2024-24749	unknown	—	—	2y ago	Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat
CVE-2024-34696	unknown	—	—	2y ago	GeoServer's Server Status shows sensitive environmental variables and Java properties
CVE-2023-41339	unknown	—	—	3y ago	Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF