Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/geonode@4.0.0rc0
purl pkg:pypi/geonode@4.0.0rc0
Next non-vulnerable version 4.4.5
Latest non-vulnerable version 5.0.2
Risk
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-kvfp-4b99-7ufe
Aliases:
CVE-2023-26043
GHSA-mcmc-c59m-pqq8
PYSEC-2023-15
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version 4.0.3.
4.0.3
Affected by 2 other vulnerabilities.
VCID-y7sz-snam-5ycz
Aliases:
CVE-2023-40017
GHSA-rmxg-6qqf-x8mr
PYSEC-2023-269
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint `/proxy/?url=` does not properly protect against server-side request forgery. This allows an attacker to port scan internal hosts and request information from internal hosts. A patch is available at commit a9eebae80cb362009660a1fd49e105e7cdb499b9.
4.1.3
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-02T04:19:24.666621+00:00 Pypa Importer Affected by VCID-y7sz-snam-5ycz https://github.com/pypa/advisory-database/blob/main/vulns/geonode/PYSEC-2023-269.yaml 38.6.0
2026-06-02T04:18:25.547632+00:00 Pypa Importer Affected by VCID-kvfp-4b99-7ufe https://github.com/pypa/advisory-database/blob/main/vulns/geonode/PYSEC-2023-15.yaml 38.6.0