Security

Report a vulnerability

SECURITY.md

Security Policy

Supported Versions

GeoNode versions supported with security updates.

Version	Supported
4.0.x	✅
< 4.0	❌

Reporting a Vulnerability

DO NOT send a security alert on the public mailing list or any other public channel
SEND the report to geonode-psc@lists.osgeo.org and be prapred to collaborate with the GeoNode PSC

Thanks for you support and help!

Stored XSS to full account takeover
GHSA-rwcv-whm8-fmxm published Mar 27, 2024 by giohappy

High
SSRF Bypass to return internal host data
GHSA-pxg5-h34r-7q8p published Sep 15, 2023 by giohappy

Critical
Server Side Request forgery
GHSA-rmxg-6qqf-x8mr published Aug 23, 2023 by giohappy

Critical
Geoserver for GeoNode sensitive information leak
GHSA-87mh-vw7c-5v6w published Mar 23, 2023 by giohappy

Critical
XML External Entity (XXE) injection in GeoServer style upload functionality
GHSA-mcmc-c59m-pqq8 published Feb 27, 2023 by giohappy

Moderate

Learn more about advisories related to GeoNode/geonode in the GitHub Advisory Database