Known Vulnerabilities for products from Osgeo
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Osgeo".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33721 json | MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-b... | Not Provided | 2026-03-27 | 2026-04-17 |
| CVE-2026-30479 json | Not Provided | 2026-04-09 | 2026-04-14 | |
| CVE-2024-32037 json | GeoNetwork is a catalog application to manage spatially referenced resources. In versions prior to 4.2.10 and 4.4.5, the sear... | Not Provided | 2025-02-11 | 2026-04-17 |
| CVE-2023-43795 json | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web ... | 9.8 - CRITICAL | 2023-10-25 | 2023-11-01 |
| CVE-2023-41339 json | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS spec... | 5.3 - MEDIUM | 2023-10-25 | 2023-10-31 |
| CVE-2023-27476 json | OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and ... | 7.5 - HIGH | 2023-03-08 | 2023-06-25 |
| CVE-2023-26043 json | GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode ... | 6.5 - MEDIUM | 2023-02-27 | 2023-11-07 |
| CVE-2023-25157 json | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer in... | 9.8 - CRITICAL | 2023-02-21 | 2023-11-07 |
| CVE-2022-24847 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.2 - HIGH | 2022-04-13 | 2023-06-23 |
| CVE-2022-0699 json | A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to... | 9.8 - CRITICAL | 2022-10-17 | 2022-12-21 |
| CVE-2021-45943 json | GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSe... | 5.5 - MEDIUM | 2022-01-01 | 2023-11-07 |
| CVE-2021-40822 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-05-02 | 2022-05-09 |
| CVE-2021-39371 json | An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the application server files... | 7.5 - HIGH | 2021-08-23 | 2022-06-02 |
| CVE-2021-32062 json | MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not... | 5.3 - MEDIUM | 2021-05-06 | 2023-11-07 |
| CVE-2021-28398 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.2 - HIGH | 2022-09-05 | 2022-10-01 |
| CVE-2019-25050 json | netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_at... | 7.8 - HIGH | 2021-07-20 | 2021-07-29 |
| CVE-2019-17546 json | tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that pote... | 8.8 - HIGH | 2019-10-14 | 2023-11-07 |
| CVE-2019-17545 json | GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. | 9.8 - CRITICAL | 2019-10-14 | 2023-11-07 |
| CVE-2017-5522 json | Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows ... | 9.8 - CRITICAL | 2017-03-15 | 2021-06-07 |
| CVE-2016-9839 json | In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fa... | 7.5 - HIGH | 2016-12-08 | 2023-01-31 |