geoserver

32 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-21621
< 2.25.0
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.25.0, a reflected cross
6.1 MEDIUM
CVE-2025-58360
< 2.25.6
GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and b
8.2 HIGH
CVE-2025-30220
< 2.25.7
GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD l
9.9 CRITICAL
CVE-2025-30145
< 2.25.7
GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be executed b
7.5 HIGH
CVE-2025-27505
< 2.25.6
GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass the default REST
5.3 MEDIUM
CVE-2024-40625
< 2.26.0
GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage rest api /workspaces/{workspa
5.5 MEDIUM
CVE-2024-38524
< 2.25.6
GeoServer is an open source server that allows users to share and edit geospatial data. org.geowebcache.GeoWebCacheDispatcher.hand
5.3 MEDIUM
CVE-2024-34711
< 2.25.0
GeoServer is an open source server that allows users to share and edit geospatial data. An improper URI validation vulnerability e
9.3 CRITICAL
CVE-2024-29198
>= 2.0.0 and < 2.24.4
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It is possible to ac
7.5 HIGH
CVE-2024-35230
>= 2.0.0 and < 2.25.1
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. In affected versi
5.3 MEDIUM
CVE-2024-36401
< 2.22.6
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4,
9.8 CRITICAL
CVE-2024-34696
>= 2.10.0 and < 2.24.4
GeoServer is an open source server that allows users to share and edit geospatial data. Starting in version 2.10.0 and prior to ve
4.5 MEDIUM
CVE-2024-24749
< 2.23.5
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if Ge
7.5 HIGH
CVE-2024-23821
< 2.23.4
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-si
4.8 MEDIUM
CVE-2024-23819
< 2.23.4
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-si
4.8 MEDIUM
CVE-2024-23818
< 2.23.3
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-si
4.8 MEDIUM
CVE-2024-23643
< 2.23.2
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-si
4.8 MEDIUM
CVE-2024-23642
< 2.23.4
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-si
4.8 MEDIUM
CVE-2024-23640
< 2.23.3
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-si
4.8 MEDIUM
CVE-2024-23634
< 2.23.5
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file
6.0 MEDIUM
CVE-2023-51445
< 2.23.3
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-si
4.8 MEDIUM
CVE-2023-51444
< 2.23.4
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file
7.2 HIGH
CVE-2023-41877
<= 2.23.4
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A path traversal
7.2 HIGH
CVE-2023-5786
< 1.15.1
A vulnerability was found in GeoServer GeoWebCache up to 1.15.1. It has been declared as problematic. This vulnerability affects u
5.3 MEDIUM
CVE-2023-43795
< 2.22.5
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Proce
8.6 HIGH
CVE-2023-41339
< 2.22.5
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specifica
8.6 HIGH
CVE-2023-35042
>= 2.0.0
GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in
9.8 CRITICAL
CVE-2023-25157
< 2.18.7
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer include
9.8 CRITICAL
CVE-2021-40822
<= 2.18.5
GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host.
7.5 HIGH
CVE-2022-24846
< 1.19.3
GeoWebCache is a tile caching server implemented in Java. The GeoWebCache disk quota mechanism can perform an unchecked JNDI looku
9.1 CRITICAL
CVE-2022-24847
< 2.19.6
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer sec
7.2 HIGH
CVE-2008-7227
<= 1.6.0
PartialBufferOutputStream2 in GeoServer before 1.6.1 and 1.7.0-beta1 attempts to flush buffer contents even when it is handling an
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin