
geoserver — Vulnerabilities & Security Advisories 28

Browse all 28 CVE security advisories affecting geoserver. AI-powered Chinese analysis, POCs, and references for each vulnerability.

GeoServer is an open-source Java-based server designed to share and edit geospatial data, primarily serving as a standard-compliant OGC web feature server for GIS applications. Its widespread adoption in mapping infrastructure has made it a frequent target for attackers, resulting in 28 recorded CVEs. Historically, vulnerabilities have predominantly stemmed from insecure deserialization, leading to remote code execution, alongside cross-site scripting and improper access control issues that enable privilege escalation. A notable incident involved a critical RCE flaw in the WMS GetMap functionality, allowing unauthenticated attackers to execute arbitrary commands on the host system. The software’s reliance on complex Java dependencies often introduces supply chain risks, while its default configurations sometimes expose administrative interfaces to the public internet. These factors collectively highlight the necessity for rigorous patch management and strict network segmentation to mitigate exploitation of its known attack surface.

Top products by geoserver: geoserver, GeoWebCache

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-21621 | GeoServer Reflected Cross-Site Scripting (XSS) vulnerability in WMS GetFeatureInfo HTML format | geoserver | CWE-79 | 6.1 | Medium | 2025-11-25 |
| CVE-2025-58360 | GeoServer is vulnerable to an Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature | geoserver | CWE-611 | 8.2 | High | 2025-11-25 |
| CVE-2025-30220 | GeoTools, GeoServer, and GeoNetwork XML External Entity (XXE) Processing Vulnerability in XSD schema handling | geoserver | CWE-611 | 9.9 | Critical | 2025-06-10 |
| CVE-2025-30145 | GeoServer has an Infinite Loop Vulnerability in Jiffle process | geoserver | CWE-835 | 7.5 | High | 2025-06-10 |
| CVE-2025-27505 | GeoServer Missing Authorization on REST API Index | geoserver | CWE-862 | 5.3 | Medium | 2025-06-10 |
| CVE-2024-40625 | GeoServer Coverage REST API Allows Server Side Request Forgery | geoserver | CWE-918 | 5.5 | Medium | 2025-06-10 |
| CVE-2024-38524 | GWC Home Page communicate version and revision information | geoserver | CWE-200 | 5.3 | Medium | 2025-06-10 |
| CVE-2024-34711 | GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF) | geoserver | CWE-200 | 9.3 | Critical | 2025-06-10 |
| CVE-2024-29198 | GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost | geoserver | CWE-918 | 7.5 | High | 2025-06-10 |
| CVE-2024-35230 | Welcome and About GeoServer pages communicate version and revision information | geoserver | CWE-200 | 5.3 | Medium | 2024-12-16 |
| CVE-2024-36401 | Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver | geoserver | CWE-95 | 9.8 | Critical | 2024-07-01 |
| CVE-2024-34696 | GeoServer's Server Status shows sensitive environmental variables and Java properties | geoserver | CWE-200 | 4.5 | Medium | 2024-07-01 |
| CVE-2024-24749 | Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat | geoserver | CWE-22 | 7.5 | High | 2024-07-01 |
| CVE-2024-23821 | GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS) | geoserver | CWE-79 | 4.8 | Medium | 2024-03-20 |
| CVE-2024-23819 | GeoServer Stored Cross-Site Scripting (XSS) vulnerability in MapML HTML Page | geoserver | CWE-79 | 4.8 | Medium | 2024-03-20 |
| CVE-2024-23818 | GeoServer Stored Cross-Site Scripting (XSS) vulnerability in WMS OpenLayers Format | geoserver | CWE-79 | 4.8 | Medium | 2024-03-20 |
| CVE-2024-23643 | GeoServer Stored Cross-Site Scripting (XSS) vulnerability in GWC Seed Form | geoserver | CWE-79 | 4.8 | Medium | 2024-03-20 |
| CVE-2024-23642 | GeoServer Stored Cross-Site Scripting (XSS) vulnerability in Simple SVG Renderer | geoserver | CWE-79 | 4.8 | Medium | 2024-03-20 |
| CVE-2024-23640 | GeoServer Stored Cross-Site Scripting (XSS) vulnerability in Style Publisher | geoserver | CWE-79 | 4.8 | Medium | 2024-03-20 |
| CVE-2024-23634 | GeoServer arbitrary file renaming vulnerability in REST Coverage/Data Store API | geoserver | CWE-20 | 6.0 | Medium | 2024-03-20 |
| CVE-2023-51445 | GeoServer Stored Cross-Site Scripting (XSS) vulnerability in REST Resources API | geoserver | CWE-79 | 4.8 | Medium | 2024-03-20 |
| CVE-2023-51444 | GeoServer arbitrary file upload vulnerability in REST Coverage Store API | geoserver | CWE-20 | 7.2 | High | 2024-03-20 |
| CVE-2023-41877 | GeoServer log file path traversal vulnerability | geoserver | CWE-22 | 7.2 | High | 2024-03-20 |
| CVE-2023-5786 | GeoServer GeoWebCache rest.html direct request | GeoWebCache | CWE-425 | 5.3 | Medium | 2023-10-26 |
| CVE-2023-43795 | WPS Server Side Request Forgery in GeoServer | geoserver | CWE-918 | 8.6 | High | 2023-10-24 |
| CVE-2023-41339 | Unsecured WMS dynamic styling `sld=<url>` parameter affords blind unauthenticated SSRF in GeoServer | geoserver | CWE-918 | 8.6 | High | 2023-10-24 |
| CVE-2023-25157 | Unfiltered SQL Injection Vulnerabilities in Geoserver | geoserver | CWE-89 | 9.8 | Critical | 2023-02-21 |
| CVE-2022-24847 | Improper Input Validation in GeoServer | geoserver | CWE-20 | 7.2 | High | 2022-04-13 |

This page lists every published CVE security advisory associated with geoserver. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.