Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: osgeo Clear
ID Title
CVE-2025-58175 Vulnerability in org.geoserver.web:gs-web-app (CVE-2025-58175)
vulnerability in org.geoserver.web:gs-web-app (CVE-2025-58175). Confidential information can be exposed externally. Exploitable via ``ENTITY_RESOLUTION_ALLOWLIST``. Mitigation: upgrade to `2.27.3` or later.
CVE-2025-52465 Vulnerability in org.geoserver.web:gs-web-app (CVE-2025-52465)
vulnerability in org.geoserver.web:gs-web-app (CVE-2025-52465). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.26.4` or later.
CVE-2025-27511 Vulnerability in org.geoserver.extension:gs-db2 (CVE-2025-27511)
vulnerability in org.geoserver.extension:gs-db2 (CVE-2025-27511). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.27.0` or later.
CVE-2026-45104 Vulnerability in osgeo (CVE-2026-45104)
vulnerability in osgeo (CVE-2026-45104). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.6.3` or later.
CVE-2026-49014 Vulnerability in gdal (CVE-2026-49014)
vulnerability in gdal (CVE-2026-49014). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.13.1` or later.
CVE-2026-8212 Buffer Overflow in gdal (CVE-2026-8212)
vulnerability in gdal (CVE-2026-8212). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.13.0` or later.
CVE-2026-8213 Buffer Overflow in gdal (CVE-2026-8213)
vulnerability in gdal (CVE-2026-8213). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.13.0` or later.
CVE-2026-42030 Vulnerability in osgeo (CVE-2026-42030)
vulnerability in osgeo (CVE-2026-42030). Risk of unauthorized operations or information disclosure.
CVE-2026-8087 Buffer Overflow in GDAL (CVE-2026-8087)
vulnerability in GDAL (CVE-2026-8087). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.13.0` or later.
CVE-2026-8088 Buffer Overflow in GDAL (CVE-2026-8088)
vulnerability in GDAL (CVE-2026-8088). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.13.0` or later.
CVE-2026-8086 Buffer Overflow in gdal (CVE-2026-8086)
vulnerability in gdal (CVE-2026-8086). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.13.0` or later.
CVE-2026-8084 Buffer Overflow in gdal (CVE-2026-8084)
vulnerability in gdal (CVE-2026-8084). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.13.0` or later.
CVE-2025-58360 KEV [KEV] XXE (XML External Entity) in Osgeo geoserver (CVE-2025-58360)
vulnerability in Osgeo geoserver (CVE-2025-58360). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2024-36401 KEV [KEV] Vulnerability in Osgeo geoserver (CVE-2024-36401)
vulnerability in Osgeo geoserver (CVE-2024-36401). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-24816 KEV [KEV] Code Injection in Osgeo jai-ext (CVE-2022-24816)
code injection in Osgeo jai-ext (CVE-2022-24816). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2017-5522 Buffer Overflow in dos (CVE-2017-5522)
vulnerability in dos (CVE-2017-5522). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →