Browse all 147 CVE security advisories affecting Esri. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Esri develops geographic information system (GIS) software, enabling organizations to map, analyze, and visualize spatial data for urban planning, logistics, and environmental management. The company’s extensive portfolio, including ArcGIS Server and Portal for ArcGIS, has historically been associated with 147 recorded Common Vulnerabilities and Exposures (CVEs). These security flaws predominantly involve remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation or insecure default configurations in web-facing components. While no single catastrophic breach has defined the vendor’s public history, the high volume of vulnerabilities highlights the complexity of securing large-scale enterprise GIS deployments. Many issues require administrative access to exploit, yet successful attacks can lead to full system compromise or data exfiltration. Continuous patching and strict network segmentation remain critical for mitigating risks associated with these legacy and modern software components within critical infrastructure environments.
This page lists every published CVE security advisory associated with Esri. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.