CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2025-58360	High	86.4%	OSGeoGeoServer	OSGeo GeoServer contains an improper restriction of XML external entity reference vulnerability that occurs when the application accepts XML input through a specific endpoint /geoserver/wms operation GetMap and could allow an attacker to define external entities within the XML request.	Dec 11, 2025	KEV
CVE-2024-36401	High	94.4%	OSGeoGeoServer	OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath expressions. This allows unauthenticated attackers to conduct remote code execution via specially crafted input.	Jul 15, 2024	KEV
CVE-2022-24816	High	93.7%	OSGeoJAI-EXT	OSGeo GeoServer JAI-EXT contains a code injection vulnerability that, when programs use jt-jiffle and allow Jiffle script to be provided via network request, could allow remote code execution.	Jun 26, 2024	KEV

CVE-2025-58360KEV

High

OSGeo GeoServer contains an improper restriction of XML external entity reference vulnerability that occurs when the application accepts XML input through a specific endpoint /geoserver/wms operation GetMap and could allow an attacker to define external entities within the XML request.

OSGeoEPSS 86.4%

CVE-2024-36401KEV

High

OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath expressions. This allows unauthenticated attackers to conduct remote code execution via specially crafted input.

OSGeoEPSS 94.4%

CVE-2022-24816KEV

High

OSGeo GeoServer JAI-EXT contains a code injection vulnerability that, when programs use jt-jiffle and allow Jiffle script to be provided via network request, could allow remote code execution.

OSGeoEPSS 93.7%