| CVE-2025-58360 |
unknown |
— |
1.5 |
6mo ago |
GeoServer is vulnerable to Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature |
|
| CVE-2024-36401 |
unknown |
— |
1.5 |
2y ago |
Remote Code Execution (RCE) vulnerability in geoserver |
|
| CVE-2025-30220 |
unknown |
— |
— |
1y ago |
[XBOW-025-068] XML External Entity (XXE) Processing Vulnerability in GeoServer WFS Service |
|
| CVE-2025-30145 |
unknown |
— |
— |
1y ago |
GeoServer Infinite Loop Vulnerability in Jiffle process |
|
| CVE-2025-27505 |
unknown |
— |
— |
1y ago |
GeoServer Missing Authorization on REST API Index |
|
| CVE-2024-38524 |
unknown |
— |
— |
1y ago |
GWC Home Page communicate version and revision information |
|
| CVE-2024-35230 |
unknown |
— |
— |
2y ago |
Welcome and About GeoServer pages communicate version and revision information |
|
| CVE-2024-24749 |
unknown |
— |
— |
2y ago |
Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat |
|
| CVE-2024-34696 |
unknown |
— |
— |
2y ago |
GeoServer's Server Status shows sensitive environmental variables and Java properties |
|
| CVE-2023-41339 |
unknown |
— |
— |
3y ago |
Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF |
|