Osgeo Geonetwork
4 CVEs affecting Osgeo Geonetwork. Latest disclosed: 2026-01-13. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-30220 | Critical | 9.9 | 2025-06-10 | GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema da… |
CVE-2021-28398 | High | 7.2 | 2022-09-05 | A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely… |
CVE-2022-50899 | Medium | 6.5 | 2026-01-13 | Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server… |
CVE-2024-32037 | Unrated | | 2025-02-11 | GeoNetwork is a catalog application to manage spatially referenced resources. In versions prior to 4.2.10 and 4.4.5, the search end-point response headers cont… |