geonode
PyPI
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting geonode
- CVE-2023-26043 · MEDIUM · CVSS 6.5 · EG 6.5 · ✓ Fixed in 4.0.3 · 2023-02-27
vulnerable: 2.0 ... 4.0.2 (211 versions)
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to …
- CVE-2023-40017 · HIGH · CVSS 7.5 · EG 7.5 · ✓ Fixed in 4.1.3 · 2023-08-24
vulnerable: 3.2.0 ... 4.1.2 (23 versions)
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint `/proxy/?url=` does not properly protect against server-side request forgery…
- CVE-2023-42439 · HIGH · CVSS 7.5 · EG 7.5 · 2023-09-15
vulnerable: 3.2.0 ... 4.4.3 (40 versions)
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. A SSRF vulnerability exists starting in version 3.2.0, bypassing existing controls on the software. This can allow a user …
- CVE-2026-39922 · MEDIUM · CVSS 6.3 · EG 6.3 · ✓ Fixed in 5.0.2 · 2026-04-10
vulnerable: 4.0.0 ... 5.0.1 (28 versions)
GeoNode versions 4.4.5 and 5.0.2 (and prior within their respective releases) contain a server-side request forgery vulnerability in the service registration endpoint that allows authenticated attackers to trigger outbound network requests…