Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4 advisories

Loading
GeoServer is vulnerable to Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature High
CVE-2025-58360 was published for org.geoserver.web:gs-web-app (Maven) Nov 25, 2025
xbow-security Credited to xbow-security and jodygarnett jodygarnett jodygarnett
[XBOW-025-068] XML External Entity (XXE) Processing Vulnerability in GeoServer WFS Service High
CVE-2025-30220 was published for org.geoserver.web:gs-web-app (Maven) Jun 10, 2025
xbow-security Credited to xbow-security, YacineF, aaime, and jodygarnett YacineF YacineF
aaime aaime jodygarnett jodygarnett
Label Studio allows Server-Side Request Forgery in the S3 Storage Endpoint High
CVE-2025-25297 was published for label-studio (pip) Feb 14, 2025
xbow-security Credited to xbow-security
Label Studio has a Path Traversal Vulnerability via image Field High
CVE-2025-25295 was published for label-studio-sdk (pip) Feb 14, 2025
xbow-security Credited to xbow-security
ProTip! Advisories are also available from the GraphQL API