pkg:Maven/org.geoserver:gs-wms

8 total CVEs: CRITICAL 2, HIGH 2, MEDIUM 4

All known vulnerabilities

  • CRITICAL 9.8 CVE-2024-36401 ⚠ KEV: Remote Code Execution (RCE) vulnerability in geoserver
    >= 2.24.0, < 2.24.4
  • HIGH 8.2 CVE-2025-58360 ⚠ KEV: GeoServer is vulnerable to Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature
    >= 2.26.0, < 2.26.2
  • CRITICAL 9.8 CVE-2023-35042: GeoServer RCE due to improper control of generation of code in jai-ext `Jiffle` map algebra language
    from 0, < 2.18.6
  • HIGH 7.5 CVE-2025-30145: GeoServer Infinite Loop Vulnerability in Jiffle process
    >= 2.26.0, < 2.26.3
  • MEDIUM 6.1 CVE-2025-21621: GeoServer has a Reflected Cross-Site Scripting (XSS) vulnerability in its WMS GetFeatureInfo HTML format
    from 0, < 2.25.0
  • MEDIUM 5.3 CVE-2023-41339: Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF
    from 0, < 2.22.5
  • MEDIUM 4.8 CVE-2024-23818: GeoServer's WMS OpenLayers Format vulnerable to Stored Cross-Site Scripting (XSS)
    from 0, < 2.23.3
  • MEDIUM 4.8 CVE-2024-23642: GeoServer's Simple SVG Renderer vulnerable to Stored Cross-Site Scripting (XSS)
    from 0, < 2.23.4