geoserver — Vulnerabilities & Security Advisories 28

Browse all 28 CVE security advisories affecting geoserver. AI-powered Chinese analysis, POCs, and references for each vulnerability.

GeoServer is an open-source Java-based server designed to share and edit geospatial data, primarily serving as a standard-compliant OGC web feature server for GIS applications. Its widespread adoption in mapping infrastructure has made it a frequent target for attackers, resulting in 28 recorded CVEs. Historically, vulnerabilities have predominantly stemmed from insecure deserialization, leading to remote code execution, alongside cross-site scripting and improper access control issues that enable privilege escalation. A notable incident involved a critical RCE flaw in the WMS GetMap functionality, allowing unauthenticated attackers to execute arbitrary commands on the host system. The software’s reliance on complex Java dependencies often introduces supply chain risks, while its default configurations sometimes expose administrative interfaces to the public internet. These factors collectively highlight the necessity for rigorous patch management and strict network segmentation to mitigate exploitation of its known attack surface.

Found 1 result / 28
Top products by geoserver: geoserver GeoWebCache
| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2023-5786 | GeoServer GeoWebCache rest.html direct request — GeoWebCache, CWE-425 | 5.3 | Medium | 2023-10-26 |

This page lists every published CVE security advisory associated with geoserver. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.