Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2025-58175 |
|
Vulnerability in org.geoserver.web:gs-web-app (CVE-2025-58175)
vulnerability in org.geoserver.web:gs-web-app (CVE-2025-58175). Confidential information can be exposed externally. Exploitable via ``ENTITY_RESOLUTION_ALLOWLIST``. Mitigation: upgrade to `2.27.3` or later.
|
| CVE-2025-52465 |
|
Vulnerability in org.geoserver.web:gs-web-app (CVE-2025-52465)
vulnerability in org.geoserver.web:gs-web-app (CVE-2025-52465). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.26.4` or later.
|
| CVE-2025-27511 |
|
Vulnerability in org.geoserver.extension:gs-db2 (CVE-2025-27511)
vulnerability in org.geoserver.extension:gs-db2 (CVE-2025-27511). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.27.0` or later.
|
| CVE-2026-45104 |
|
Vulnerability in osgeo (CVE-2026-45104)
vulnerability in osgeo (CVE-2026-45104). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.6.3` or later.
|
| CVE-2026-49014 |
|
Vulnerability in gdal (CVE-2026-49014)
vulnerability in gdal (CVE-2026-49014). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.13.1` or later.
|
| CVE-2026-8212 |
|
Buffer Overflow in gdal (CVE-2026-8212)
vulnerability in gdal (CVE-2026-8212). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.13.0` or later.
|
| CVE-2026-8213 |
|
Buffer Overflow in gdal (CVE-2026-8213)
vulnerability in gdal (CVE-2026-8213). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.13.0` or later.
|
| CVE-2026-42030 |
|
Vulnerability in osgeo (CVE-2026-42030)
vulnerability in osgeo (CVE-2026-42030). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8087 |
|
Buffer Overflow in GDAL (CVE-2026-8087)
vulnerability in GDAL (CVE-2026-8087). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.13.0` or later.
|
| CVE-2026-8088 |
|
Buffer Overflow in GDAL (CVE-2026-8088)
vulnerability in GDAL (CVE-2026-8088). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.13.0` or later.
|
| CVE-2026-8086 |
|
Buffer Overflow in gdal (CVE-2026-8086)
vulnerability in gdal (CVE-2026-8086). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.13.0` or later.
|
| CVE-2026-8084 |
|
Buffer Overflow in gdal (CVE-2026-8084)
vulnerability in gdal (CVE-2026-8084). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.13.0` or later.
|
| CVE-2025-58360 KEV |
|
[KEV] XXE (XML External Entity) in Osgeo geoserver (CVE-2025-58360)
vulnerability in Osgeo geoserver (CVE-2025-58360). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-36401 KEV |
|
[KEV] Vulnerability in Osgeo geoserver (CVE-2024-36401)
vulnerability in Osgeo geoserver (CVE-2024-36401). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-24816 KEV |
|
[KEV] Code Injection in Osgeo jai-ext (CVE-2022-24816)
code injection in Osgeo jai-ext (CVE-2022-24816). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2017-5522 |
|
Buffer Overflow in dos (CVE-2017-5522)
vulnerability in dos (CVE-2017-5522). Successful exploitation can lead to full system takeover.
|