Every CVE whose affected-product data names Osgeo Mapserver, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (22)
CVE-2010-2540 — CVSS 10.0 (critical): mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 does not properly restrict the use of CGI command-line arguments that…
CVE-2009-0841 — CVSS 10.0 (critical): Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when running on Windows with…
CVE-2009-0839 — CVSS 10.0 (critical): Stack-based buffer overflow in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when the server has a map with a…
CVE-2009-1177 — CVSS 10.0 (critical): Multiple stack-based buffer overflows in maptemplate.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 have unknown impact…
CVE-2009-2281 — CVSS 10.0 (critical): Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before…
CVE-2009-0840 — CVSS 10.0 (critical): Heap-based buffer underflow in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows…
CVE-2009-1176 — CVSS 10.0 (critical): mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 does not ensure that the string holding the id parameter ends in a…
CVE-2017-5522 — CVSS 9.8 (critical): Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote…
CVE-2025-59431 — CVSS 9.8 (critical): MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerably…
CVE-2009-0843 — CVSS 7.8 (high): The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to determine the existence…
CVE-2026-45104 — CVSS 7.5 (high): MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls…
CVE-2010-1678 — CVSS 7.5 (high): Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing.
CVE-2011-2703 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute…
CVE-2011-2704 — CVSS 7.5 (high): Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before 5.6.7 allows remote attackers to execute arbitrary code via vectors…
CVE-2016-9839 — CVSS 7.5 (high): In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails.
CVE-2013-7262 — CVSS 6.8 (medium): SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service…
CVE-2011-2975 — CVSS 6.8 (medium): Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer before 6.0.1 might allow remote attackers to cause a…
CVE-2026-42030 — CVSS 6.1 (medium): MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in…
CVE-2021-32062 — CVSS 5.3 (medium): MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly…
CVE-2026-33721 — CVSS 5.3 (medium): MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow…
CVE-2009-0842 — CVSS 4.3 (medium): mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to read arbitrary invalid .map files via a full…
CVE-2010-2539 — CVSS 2.1 (low): Buffer overflow in the msTmpFile function in maputil.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 allows local users to…