Known Vulnerabilities for products from OSGeo
Listed below are 20 of the newest known vulnerabilities associated with the vendor "OSGeo".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33721 json | MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-b... | Not Provided | 2026-03-27 | 2026-04-17 |
| CVE-2026-30479 json | Not Provided | 2026-04-09 | 2026-04-14 | |
| CVE-2026-8088 json | A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file ... | Not Provided | 2026-05-07 | 2026-05-08 |
| CVE-2026-8087 json | A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hd... | Not Provided | 2026-05-07 | 2026-05-08 |
| CVE-2026-8086 json | A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/... | Not Provided | 2026-05-07 | 2026-05-08 |
| CVE-2026-8084 json | A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file f... | Not Provided | 2026-05-07 | 2026-05-08 |
| CVE-2024-32037 json | GeoNetwork is a catalog application to manage spatially referenced resources. In versions prior to 4.2.10 and 4.4.5, the sear... | Not Provided | 2025-02-11 | 2026-04-17 |
| CVE-2023-43795 json | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web ... | 9.8 - CRITICAL | 2023-10-25 | 2023-11-01 |
| CVE-2023-41339 json | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS spec... | 5.3 - MEDIUM | 2023-10-25 | 2023-10-31 |
| CVE-2023-27476 json | OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and ... | 7.5 - HIGH | 2023-03-08 | 2023-06-25 |
| CVE-2023-26043 json | GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode ... | 6.5 - MEDIUM | 2023-02-27 | 2023-11-07 |
| CVE-2023-25157 json | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer in... | 9.8 - CRITICAL | 2023-02-21 | 2023-11-07 |
| CVE-2022-24847 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.2 - HIGH | 2022-04-13 | 2023-06-23 |
| CVE-2022-0699 json | A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to... | 9.8 - CRITICAL | 2022-10-17 | 2022-12-21 |
| CVE-2021-45943 json | GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSe... | 5.5 - MEDIUM | 2022-01-01 | 2023-11-07 |
| CVE-2021-40822 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-05-02 | 2022-05-09 |
| CVE-2021-39371 json | An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the application server files... | 7.5 - HIGH | 2021-08-23 | 2022-06-02 |
| CVE-2021-32062 json | MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not... | 5.3 - MEDIUM | 2021-05-06 | 2023-11-07 |
| CVE-2021-28398 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.2 - HIGH | 2022-09-05 | 2022-10-01 |
| CVE-2019-25050 json | netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_at... | 7.8 - HIGH | 2021-07-20 | 2021-07-29 |