Geoserver Geoserver
27 CVEs affecting Geoserver Geoserver. Latest disclosed: 2025-11-25. Critical: 4, High: 9.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-30220 | Critical | 9.9 | 2025-06-10 | GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema da… |
| CVE-2024-36401 | Critical | 9.8 | 2024-07-01 | GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC requ… |
| CVE-2023-25157 | Critical | 9.8 | 2023-02-21 | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter… |
| CVE-2024-34711 | Critical | 9.3 | 2025-06-10 | GeoServer is an open source server that allows users to share and edit geospatial data. An improper URI validation vulnerability exists that enables an unautho… |
| CVE-2023-43795 | High | 8.6 | 2023-10-24 | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specifica… |
| CVE-2023-41339 | High | 8.6 | 2023-10-24 | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an ``sld=<url>``… |
| CVE-2025-58360 | High | 8.2 | 2025-11-25 | GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External… |
| CVE-2025-30145 | High | 7.5 | 2025-06-10 | GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be executed by GeoServer, either as a rend… |
| CVE-2024-29198 | High | 7.5 | 2025-06-10 | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It is possible to achieve Service Side Request Fo… |
| CVE-2024-24749 | High | 7.5 | 2024-07-01 | GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Wi… |
| CVE-2023-51444 | High | 7.2 | 2024-03-20 | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file upload vulnerability exists… |
| CVE-2023-41877 | High | 7.2 | 2024-03-20 | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A path traversal vulnerability in versions 2.2… |
| CVE-2022-24847 | High | 7.2 | 2022-04-13 | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform a… |
| CVE-2025-21621 | Medium | 6.1 | 2025-11-25 | GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.25.0, a reflected cross-site scripting (XSS) vulnera… |
| CVE-2024-23634 | Medium | 6.0 | 2024-03-20 | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exist… |
| CVE-2024-40625 | Medium | 5.5 | 2025-06-10 | GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage rest api /workspaces/{workspaceName}/coveragestores/{store… |
| CVE-2025-27505 | Medium | 5.3 | 2025-06-10 | GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass the default REST API security and access the i… |
| CVE-2024-38524 | Medium | 5.3 | 2025-06-10 | GeoServer is an open source server that allows users to share and edit geospatial data. org.geowebcache.GeoWebCacheDispatcher.handleFrontPage(HttpServletReques… |
| CVE-2024-35230 | Medium | 5.3 | 2024-12-16 | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. In affected versions the welcome and about pag… |
| CVE-2024-23821 | Medium | 4.8 | 2024-03-20 | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerabil… |