Vuln
·
Scope
Home
Packages
KEV
Critical
Insights
Jobs
Pricing
EN
中
Loading…
Maven/org.geoserver:gs-wms — 8 CVEs · VulnScope
pkg:Maven/
org.geoserver:gs-wms
8 total CVEs
CRITICAL
2
HIGH
2
MEDIUM
4
✅ Check your installed version
Check
All known vulnerabilities
CRITICAL
9.8
CVE-2024-36401
⚠ KEV
Remote Code Execution (RCE) vulnerability in geoserver
>= 2.24.0, < 2.24.4
HIGH
8.2
CVE-2025-58360
⚠ KEV
GeoServer is vulnerable to Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature
>= 2.26.0, < 2.26.2
CRITICAL
9.8
GeoServer RCE due to improper control of generation of code in jai-ext`Jiffle` map algebra language
from 0, < 2.18.6
HIGH
7.5
GeoServer Infinite Loop Vulnerability in Jiffle process
>= 2.26.0, < 2.26.3
MEDIUM
6.1
GeoServer has a Reflected Cross-Site Scripting (XSS) vulnerability in its WMS GetFeatureInfo HTML format
from 0, < 2.25.0
MEDIUM
5.3
Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF
from 0, < 2.22.5
MEDIUM
4.8
GeoServer's WMS OpenLayers Format vulnerable to Stored Cross-Site Scripting (XSS)
from 0, < 2.23.3
MEDIUM
4.8
GeoServer's Simple SVG Renderer vulnerable to Stored Cross-Site Scripting (XSS)
from 0, < 2.23.4
CVE-2023-35042
CVE-2025-30145
CVE-2025-21621
CVE-2023-41339
CVE-2024-23818
CVE-2024-23642