Geoserver Latest Vulnerabilities

XML External Entity Exploit in GeoServer and GeoNetwork by GeoTools

CVE-2025-30220

GeoserverGeoserver9.9CRITICAL

Denial of Service Vulnerability in GeoServer Affecting Geospatial Data Management

CVE-2025-30145

GeoserverGeoserver7.5HIGH

GeoServer Open Source Server Vulnerability Exposing REST API Security Routes

CVE-2025-27505

GeoserverGeoserver5.3MEDIUM

Open Source Geospatial Server Vulnerability in GeoServer by OSGeo

CVE-2024-40625

GeoserverGeoserver5.5MEDIUM

GeoServer Vulnerability Exposing Sensitive Information in GeoWebCache

CVE-2024-38524

GeoserverGeoserver5.3MEDIUM

Improper URI Validation in GeoServer by GeoTools

CVE-2024-34711

GeoserverGeoserver9.3CRITICAL

Service Side Request Forgery Vulnerability in GeoServer by OSGeo

CVE-2024-29198

GeoserverGeoserver7.5HIGH

Sensitive Information Disclosure in GeoServer Versions

CVE-2024-35230

GeoserverGeoserver5.3MEDIUM

Remote Code Execution Vulnerability in GeoServer Prior to Versions 2.23.6, 2.24.4, and 2.25.2

CVE-2024-36401

GeoserverGeoserver📈💰👾🟡EPSS 94%🦅📰9.8CRITICAL

GeoServer Vulnerability Allows Access to Sensitive Information

CVE-2024-34696

GeoserverGeoserver4.9MEDIUM

Potential Security Vulnerability in GeoServer Prior to Versions 2.23.5 and 2.24.3

CVE-2024-24749

GeoserverGeoserver7.5HIGH

Stored XSS Vulnerability in GeoServer Could Allow Authenticated Administrator to Execute JavaScript in Another User's Browser

CVE-2024-23821

GeoserverGeoserver4.8MEDIUM

Stored XSS Vulnerability in GeoServer Could Allow Authenticated Administrator to Execute JavaScript in Other Users' Browsers

CVE-2024-23819

GeoserverGeoserver4.8MEDIUM

Stored XSS Vulnerability in GeoServer Could Allow Authenticated Administrator to Execute JavaScript in Another User's Browser

CVE-2024-23818

GeoserverGeoserver4.8MEDIUM

Stored XSS vulnerability in GeoServer catalog

CVE-2024-23643

GeoserverGeoserver4.8MEDIUM

Stored XSS Vulnerability in GeoServer Could Allow Authenticated Administrator to Execute JavaScript in Another User's Browser

CVE-2024-23642

GeoserverGeoserver4.8MEDIUM

Stored XSS Vulnerability in GeoServer Could Allow Authenticated Administrator to Execute JavaScript in Another User's Browser

CVE-2024-23640

GeoserverGeoserver4.8MEDIUM

Arbitrary File Renaming Vulnerability in GeoServer Prior to 2.23.5 and 2.24.2

CVE-2024-23634

GeoserverGeoserver6MEDIUM

Stored XSS Vulnerability in GeoServer Could Allow Administrator Privilege Escalation

CVE-2023-51445

GeoserverGeoserver4.8MEDIUM

Arbitrary File Upload Vulnerability in GeoServer Could Lead to Remote Code Execution

CVE-2023-51444

GeoserverGeoserver📰7.2HIGH

Path Traversal Vulnerability in GeoServer Affects Administrator Trust

CVE-2023-41877

GeoserverGeoserver7.2HIGH

GeoServer GeoWebCache rest.html direct request

CVE-2023-5786

GeoserverGeowebcache5.3MEDIUM

Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF in GeoServer

CVE-2023-41339

GeoserverGeoserver8.6HIGH

WPS Server Side Request Forgery in GeoServer

CVE-2023-43795

geoservergeoserverEPSS 90%9.8CRITICAL

Remote Code Execution Vulnerability in GeoServer by GeoSolutions

CVE-2023-35042

GeoserverGeoserverEPSS 31%9.8CRITICAL

geoserver Latest Vulnerabilities

Vulnerability Published:

Sort By:

10 June 2025

XML External Entity Exploit in GeoServer and GeoNetwork by GeoTools

Denial of Service Vulnerability in GeoServer Affecting Geospatial Data Management

GeoServer Open Source Server Vulnerability Exposing REST API Security Routes

Open Source Geospatial Server Vulnerability in GeoServer by OSGeo

GeoServer Vulnerability Exposing Sensitive Information in GeoWebCache

Improper URI Validation in GeoServer by GeoTools

Service Side Request Forgery Vulnerability in GeoServer by OSGeo

16 December 2024

Sensitive Information Disclosure in GeoServer Versions

1 July 2024

Remote Code Execution Vulnerability in GeoServer Prior to Versions 2.23.6, 2.24.4, and 2.25.2

GeoServer Vulnerability Allows Access to Sensitive Information

Potential Security Vulnerability in GeoServer Prior to Versions 2.23.5 and 2.24.3

20 March 2024

Stored XSS Vulnerability in GeoServer Could Allow Authenticated Administrator to Execute JavaScript in Another User's Browser

Stored XSS Vulnerability in GeoServer Could Allow Authenticated Administrator to Execute JavaScript in Other Users' Browsers

Stored XSS Vulnerability in GeoServer Could Allow Authenticated Administrator to Execute JavaScript in Another User's Browser

Stored XSS vulnerability in GeoServer catalog

Stored XSS Vulnerability in GeoServer Could Allow Authenticated Administrator to Execute JavaScript in Another User's Browser

Stored XSS Vulnerability in GeoServer Could Allow Authenticated Administrator to Execute JavaScript in Another User's Browser

Arbitrary File Renaming Vulnerability in GeoServer Prior to 2.23.5 and 2.24.2

Stored XSS Vulnerability in GeoServer Could Allow Administrator Privilege Escalation

Arbitrary File Upload Vulnerability in GeoServer Could Lead to Remote Code Execution

Path Traversal Vulnerability in GeoServer Affects Administrator Trust

26 October 2023

GeoServer GeoWebCache rest.html direct request

25 October 2023

Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF in GeoServer

WPS Server Side Request Forgery in GeoServer

12 June 2023

Remote Code Execution Vulnerability in GeoServer by GeoSolutions