tileserver-gl

Direct Vulnerabilities

Known vulnerabilities in the tileserver-gl package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Resource Exhaustion	<5.5.0-r12
L GHSA-qj8w-gfj5-8c6v	<5.5.0-r12
L CVE-2026-4923	<5.5.0-r12
L GHSA-j3q9-mxjg-w52f	<5.5.0-r12
L GHSA-27v5-c462-wpq7	<5.5.0-r12
L CVE-2026-4926	<5.5.0-r12
L Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')	<5.5.0-r11
L GHSA-jp2q-39xq-3w4g	<5.5.0-r11
M Cross-site Scripting (XSS)	<5.5.0-r11
L GHSA-3v7f-55p6-f55p	<5.5.0-r11
L Improper Validation of Specified Quantity in Input	<5.5.0-r11
L GHSA-8gc5-j5rx-235r	<5.5.0-r11
L GHSA-2qvq-rjwj-gvw9	<5.5.0-r11
L Inefficient Regular Expression Complexity	<5.5.0-r11
L Uncontrolled Recursion	<5.5.0-r11
L GHSA-f886-m6hf-6m8v	<5.5.0-r11
L Resource Exhaustion	<5.5.0-r11
L GHSA-c2c7-rcm5-vvqj	<5.5.0-r11
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<5.5.0-r11
L GHSA-48c2-rrv3-qjmp	<5.5.0-r11
L GHSA-25h7-pfq9-p65f	<5.5.0-r8
L GHSA-qffp-2rhf-9h96	<5.5.0-r8
L CVE-2026-3449	<5.5.0-r8
L GHSA-9ppj-qmqm-q256	<5.5.0-r8
L Uncontrolled Recursion	<5.5.0-r8
L GHSA-vpq2-c234-7xj6	<5.5.0-r8
M Directory Traversal	<5.5.0-r8
M Directory Traversal	<5.5.0-r8
L GHSA-fj3w-jwp8-x2g3	<5.5.0-r6
L GHSA-23c5-xmqv-rm74	<5.5.0-r6
L Inefficient Regular Expression Complexity	<5.5.0-r6
L GHSA-5c6j-r48x-rmvq	<5.5.0-r6
L Algorithmic Complexity	<5.5.0-r6
H Buffer Overflow	<5.5.0-r6
L GHSA-7r86-cg39-jmmj	<5.5.0-r6
L Inefficient Regular Expression Complexity	<5.5.0-r5
L GHSA-2g4f-4pwh-qvx6	<5.5.0-r5
L GHSA-jmr7-xgp7-cmfj	<5.5.0-r5
L GHSA-3ppc-4f35-3m26	<5.5.0-r5
L Incorrect Regular Expression	<5.5.0-r5
L Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')	<5.5.0-r5
H Inefficient Regular Expression Complexity	<5.5.0-r5
L GHSA-83g3-92jg-28cx	<5.5.0-r5
H Directory Traversal	<5.5.0-r5
L GHSA-m7jm-9gc2-mpf2	<5.5.0-r5
L GHSA-37qj-frw5-hhjh	<5.5.0-r4
L GHSA-w7fw-mjwx-w883	<5.5.0-r4
L Improper Input Validation	<5.5.0-r4
H CVE-2026-2391	<5.5.0-r4
L GHSA-73rr-hh4g-fpgx	<5.5.0-r2
M Directory Traversal	<5.5.0-r2
L GHSA-r6q2-hw4h-h46w	<5.5.0-r2
M Improper Handling of Unicode Encoding	<5.5.0-r2
H Resource Exhaustion	<5.5.0-r2
L GHSA-34x7-hfp2-rc4v	<5.5.0-r2
L GHSA-8qq5-rm4j-mr97	<5.5.0-r2
L Directory Traversal	<5.5.0-r2
L GHSA-xx4v-prfh-6cgc	<5.4.0-r2
L Inefficient Regular Expression Complexity	<5.4.0-r2
L GHSA-h5c3-5r3r-rr8q	<5.4.0-r2
L GHSA-rmvr-2pp2-xj38	<5.4.0-r2
L CVE-2025-15284	<5.5.0-r0
L GHSA-6rw7-vpxm-498p	<5.5.0-r0
L Inefficient Regular Expression Complexity	<5.4.0-r2
L Inefficient Regular Expression Complexity	<5.4.0-r2
L GHSA-pj86-cfqh-vqx6	<5.4.0-r5
L Improperly Controlled Modification of Dynamically-Determined Object Attributes	<5.4.0-r5
L GHSA-wqch-xfxh-vrr4	<5.4.0-r5
L CVE-2025-13466	<5.4.0-r5
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<5.4.0-r4
L GHSA-mh29-5h37-fv8m	<5.4.0-r4
L Directory Traversal	<5.4.0-r2
L GHSA-vj76-c3g6-qr5v	<5.4.0-r2
L Allocation of Resources Without Limits or Throttling	<5.4.0-r1
L GHSA-4hjh-wcwx-xvwj	<5.4.0-r1
L GHSA-fjxv-7rqg-78g4	<5.3.1-r9
L CVE-2025-7783	<5.3.1-r9
L GHSA-76c9-3jph-rj3q	<5.3.1-r7
L CVE-2025-7339	<5.3.1-r7
L Resource Exhaustion	<5.3.1-r4
L GHSA-v6h2-p8h4-qcjw	<5.3.1-r4
L GHSA-8cj5-5rvv-wf4v	<5.3.1-r3
L Directory Traversal	<5.3.1-r3
H CVE-2025-46653	<5.3.0-r1
L GHSA-75v8-2h7p-7m2m	<5.3.0-r1
L CVE-2024-12905	<5.2.0-r1
L GHSA-pq67-2wwv-3xjx	<5.2.0-r1
M Server-Side Request Forgery (SSRF)	<5.1.3-r2
L GHSA-jr5f-v2jv-69x6	<5.1.3-r2
L GHSA-rhx6-c78j-4q9w	<5.1.1-r0
L Inefficient Regular Expression Complexity	<5.1.1-r0
L CVE-2024-21538	<5.0.0-r4
L GHSA-3xgq-45jj-v275	<5.0.0-r4

Vulnerability

Vulnerable Version

Resource Exhaustion

<5.5.0-r12