tileserver-gl

Direct Vulnerabilities

Known vulnerabilities in the tileserver-gl package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L GHSA-q3j6-qgpj-74h6	<5.6.0-r2
L CVE-2026-6322	<5.6.0-r2
L GHSA-v39h-62p7-jpjc	<5.6.0-r2
L CVE-2026-6321	<5.6.0-r2
L GHSA-v2v4-37r5-5v8g	<5.6.0-r2
L XML Injection	<5.6.0-r2
L GHSA-gh4j-gqv2-49f6	<5.6.0-r2
L Cross-site Scripting (XSS)	<5.6.0-r2
L CVE-2026-5758	<5.6.0-r1
L GHSA-j452-xhg8-qg39	<5.6.0-r1
L CVE-2026-4923	<5.5.0-r12
L GHSA-27v5-c462-wpq7	<5.5.0-r12
L GHSA-j3q9-mxjg-w52f	<5.5.0-r12
L GHSA-qj8w-gfj5-8c6v	<5.5.0-r12
L CVE-2026-4926	<5.5.0-r12
H Resource Exhaustion	<5.5.0-r12
L GHSA-8gc5-j5rx-235r	<5.5.0-r11
L Inefficient Regular Expression Complexity	<5.5.0-r11
L GHSA-jp2q-39xq-3w4g	<5.5.0-r11
L Improper Validation of Specified Quantity in Input	<5.5.0-r11
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<5.5.0-r11
L GHSA-c2c7-rcm5-vvqj	<5.5.0-r11
L GHSA-3v7f-55p6-f55p	<5.5.0-r11
H Resource Exhaustion	<5.5.0-r11
M Cross-site Scripting (XSS)	<5.5.0-r11
L Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')	<5.5.0-r11
L Uncontrolled Recursion	<5.5.0-r11
L GHSA-f886-m6hf-6m8v	<5.5.0-r11
L GHSA-48c2-rrv3-qjmp	<5.5.0-r11
L GHSA-2qvq-rjwj-gvw9	<5.5.0-r11
L GHSA-25h7-pfq9-p65f	<5.5.0-r8
L GHSA-vpq2-c234-7xj6	<5.5.0-r8
L Uncontrolled Recursion	<5.5.0-r8
M Directory Traversal	<5.5.0-r8
L GHSA-qffp-2rhf-9h96	<5.5.0-r8
M Directory Traversal	<5.5.0-r8
L CVE-2026-3449	<5.5.0-r8
L GHSA-9ppj-qmqm-q256	<5.5.0-r8
L Algorithmic Complexity	<5.5.0-r6
L Inefficient Regular Expression Complexity	<5.5.0-r6
L Inefficient Regular Expression Complexity	<5.5.0-r5
L GHSA-fj3w-jwp8-x2g3	<5.5.0-r6
L GHSA-2g4f-4pwh-qvx6	<5.5.0-r5
L GHSA-xx4v-prfh-6cgc	<5.4.0-r2
L Improperly Controlled Modification of Dynamically-Determined Object Attributes	<5.4.0-r5
L CVE-2025-15284	<5.5.0-r0
L GHSA-vj76-c3g6-qr5v	<5.4.0-r2
L GHSA-wqch-xfxh-vrr4	<5.4.0-r5
L GHSA-m7jm-9gc2-mpf2	<5.5.0-r5
L Allocation of Resources Without Limits or Throttling	<5.4.0-r1
L GHSA-23c5-xmqv-rm74	<5.5.0-r6
L GHSA-8qq5-rm4j-mr97	<5.5.0-r2
L GHSA-r6q2-hw4h-h46w	<5.5.0-r2
M Improper Handling of Unicode Encoding	<5.5.0-r2
L CVE-2025-7783	<5.3.1-r9
L GHSA-4hjh-wcwx-xvwj	<5.4.0-r1
L CVE-2024-12905	<5.2.0-r1
L GHSA-fjxv-7rqg-78g4	<5.3.1-r9
L GHSA-73rr-hh4g-fpgx	<5.5.0-r2
L GHSA-3ppc-4f35-3m26	<5.5.0-r5
L GHSA-pq67-2wwv-3xjx	<5.2.0-r1
L GHSA-6rw7-vpxm-498p	<5.5.0-r0
L GHSA-7r86-cg39-jmmj	<5.5.0-r6
L GHSA-pj86-cfqh-vqx6	<5.4.0-r5
L CVE-2025-13466	<5.4.0-r5
H Resource Exhaustion	<5.5.0-r2
L GHSA-37qj-frw5-hhjh	<5.5.0-r4
H Inefficient Regular Expression Complexity	<5.5.0-r5
L GHSA-jr5f-v2jv-69x6	<5.1.3-r2
L GHSA-w7fw-mjwx-w883	<5.5.0-r4
L Resource Exhaustion	<5.3.1-r4
L GHSA-3xgq-45jj-v275	<5.0.0-r4
L CVE-2025-7339	<5.3.1-r7
L Directory Traversal	<5.4.0-r2
L GHSA-rmvr-2pp2-xj38	<5.4.0-r2
L GHSA-jmr7-xgp7-cmfj	<5.5.0-r5
M Server-Side Request Forgery (SSRF)	<5.1.3-r2
L GHSA-v6h2-p8h4-qcjw	<5.3.1-r4
L Directory Traversal	<5.5.0-r2
H Buffer Overflow	<5.5.0-r6
L Inefficient Regular Expression Complexity	<5.4.0-r2
L GHSA-76c9-3jph-rj3q	<5.3.1-r7
L CVE-2024-21538	<5.0.0-r4
L GHSA-h5c3-5r3r-rr8q	<5.4.0-r2
H Directory Traversal	<5.5.0-r5
L Improper Input Validation	<5.5.0-r4
L Inefficient Regular Expression Complexity	<5.4.0-r2
L Incorrect Regular Expression	<5.5.0-r5
L Inefficient Regular Expression Complexity	<5.4.0-r2
H CVE-2026-2391	<5.5.0-r4
L GHSA-5c6j-r48x-rmvq	<5.5.0-r6
L CVE-2025-46653	<5.3.0-r1
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<5.4.0-r4
L GHSA-75v8-2h7p-7m2m	<5.3.0-r1
L GHSA-mh29-5h37-fv8m	<5.4.0-r4
L GHSA-83g3-92jg-28cx	<5.5.0-r5
M Directory Traversal	<5.5.0-r2
L Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')	<5.5.0-r5
L GHSA-34x7-hfp2-rc4v	<5.5.0-r2
L GHSA-8cj5-5rvv-wf4v	<5.3.1-r3
L Inefficient Regular Expression Complexity	<5.1.1-r0
L GHSA-rhx6-c78j-4q9w	<5.1.1-r0
L Directory Traversal	<5.3.1-r3

Vulnerability

Vulnerable Version

GHSA-q3j6-qgpj-74h6

<5.6.0-r2