geoserver — Vulnerabilities & Security Advisories (27)

All 27 CVE vulnerabilities found in geoserver, with AI-generated Chinese analysis, references, and POCs.

Vendor: geoserver

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-21621 | GeoServer Reflected Cross-Site Scripting (XSS) vulnerability in WMS GetFeatureInfo HTML format | CWE-79 | 6.1 | Medium | 2025-11-25 |
| CVE-2025-58360 | GeoServer is vulnerable to an Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature | CWE-611 | 8.2 | High | 2025-11-25 |
| CVE-2025-30220 | GeoTools, GeoServer, and GeoNetwork XML External Entity (XXE) Processing Vulnerability in XSD schema handling | CWE-611 | 9.9 | Critical | 2025-06-10 |
| CVE-2025-30145 | GeoServer has an Infinite Loop Vulnerability in Jiffle process | CWE-835 | 7.5 | High | 2025-06-10 |
| CVE-2025-27505 | GeoServer Missing Authorization on REST API Index | CWE-862 | 5.3 | Medium | 2025-06-10 |
| CVE-2024-40625 | GeoServer Coverage REST API Allows Server Side Request Forgery | CWE-918 | 5.5 | Medium | 2025-06-10 |
| CVE-2024-38524 | GWC Home Page communicate version and revision information | CWE-200 | 5.3 | Medium | 2025-06-10 |
| CVE-2024-34711 | GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF) | CWE-200 | 9.3 | Critical | 2025-06-10 |
| CVE-2024-29198 | GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost | CWE-918 | 7.5 | High | 2025-06-10 |
| CVE-2024-35230 | Welcome and About GeoServer pages communicate version and revision information | CWE-200 | 5.3 | Medium | 2024-12-16 |
| CVE-2024-36401 | Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver | CWE-95 | 9.8 | Critical | 2024-07-01 |
| CVE-2024-34696 | GeoServer's Server Status shows sensitive environmental variables and Java properties | CWE-200 | 4.5 | Medium | 2024-07-01 |
| CVE-2024-24749 | Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat | CWE-22 | 7.5 | High | 2024-07-01 |
| CVE-2024-23821 | GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS) | CWE-79 | 4.8 | Medium | 2024-03-20 |
| CVE-2024-23819 | GeoServer Stored Cross-Site Scripting (XSS) vulnerability in MapML HTML Page | CWE-79 | 4.8 | Medium | 2024-03-20 |
| CVE-2024-23818 | GeoServer Stored Cross-Site Scripting (XSS) vulnerability in WMS OpenLayers Format | CWE-79 | 4.8 | Medium | 2024-03-20 |
| CVE-2024-23643 | GeoServer Stored Cross-Site Scripting (XSS) vulnerability in GWC Seed Form | CWE-79 | 4.8 | Medium | 2024-03-20 |
| CVE-2024-23642 | GeoServer Stored Cross-Site Scripting (XSS) vulnerability in Simple SVG Renderer | CWE-79 | 4.8 | Medium | 2024-03-20 |
| CVE-2024-23640 | GeoServer Stored Cross-Site Scripting (XSS) vulnerability in Style Publisher | CWE-79 | 4.8 | Medium | 2024-03-20 |
| CVE-2024-23634 | GeoServer arbitrary file renaming vulnerability in REST Coverage/Data Store API | CWE-20 | 6.0 | Medium | 2024-03-20 |
| CVE-2023-51445 | GeoServer Stored Cross-Site Scripting (XSS) vulnerability in REST Resources API | CWE-79 | 4.8 | Medium | 2024-03-20 |
| CVE-2023-51444 | GeoServer arbitrary file upload vulnerability in REST Coverage Store API | CWE-20 | 7.2 | High | 2024-03-20 |
| CVE-2023-41877 | GeoServer log file path traversal vulnerability | CWE-22 | 7.2 | High | 2024-03-20 |
| CVE-2023-43795 | WPS Server Side Request Forgery in GeoServer | CWE-918 | 8.6 | High | 2023-10-24 |
| CVE-2023-41339 | Unsecured WMS dynamic styling `sld=<url>` parameter affords blind unauthenticated SSRF in GeoServer | CWE-918 | 8.6 | High | 2023-10-24 |
| CVE-2023-25157 | Unfiltered SQL Injection Vulnerabilities in Geoserver | CWE-89 | 9.8 | Critical | 2023-02-21 |
| CVE-2022-24847 | Improper Input Validation in GeoServer | CWE-20 | 7.2 | High | 2022-04-13 |

All 27 known CVE vulnerabilities affecting geoserver with full Chinese analysis, references, and POCs where available.