Browse all 7 CVE security advisories affecting GeoNode. AI-powered Chinese analysis, POCs, and references for each vulnerability.
GeoNode is an open-source geospatial content management system designed for sharing and collaborating on geographic data and maps. Historically, it has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. The platform's 7 recorded CVEs highlight risks in areas like authentication bypass and insecure direct object references. While no major public security incidents have been widely documented, the consistent discovery of vulnerabilities suggests potential exposure risks for organizations implementing GeoNode without proper hardening and regular security updates.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-39922 | GeoNode SSRF via Service Registration | GeoNode | CWE-918 | 8.1 | - | 2026-04-10 |
| CVE-2026-39921 | GeoNode < 4.4.5, 5.0.2 SSRF via Document Upload | GeoNode | CWE-918 | 7.1 | - | 2026-04-10 |
| CVE-2024-27091 | GeoNode stored XSS to full account takeover | geonode | CWE-79 | 6.1 | Medium | 2024-03-27 |
| CVE-2023-42439 | GeoNode SSRF Bypass to return internal host data | geonode | CWE-918 | 7.5 | High | 2023-09-15 |
| CVE-2023-40017 | Geonode Server Side Request Forgery vulnerability | geonode | CWE-918 | 7.5 | High | 2023-08-24 |
| CVE-2023-28442 | Geoserver for GeoNode sensitive information leak | geonode | CWE-200 | 7.5 | High | 2023-03-23 |
| CVE-2023-26043 | XML External Entity (XXE) injection in GeoServer style upload functionality | geonode | CWE-611 | 6.5 | Medium | 2023-02-27 |
This page lists every published CVE security advisory associated with GeoNode. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.