Esri Security Vulnerabilities (CVEs)

Track 58 security vulnerabilities affecting Esri products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

5 Critical

14 High

39 Medium

Sort by:

🔔 Get Alerts for Esri

CVE-2023-25839 7.0

This CVE describes a SQL injection vulnerability in Esri ArcGIS Insights Desktop that allows a local, authorized attacker to execute arbitrary SQL com...

Jul 19, 2023

CVE-2023-25832 8.8

This cross-site request forgery (CSRF) vulnerability in Esri Portal for ArcGIS allows attackers to trick authenticated users into performing unintende...

May 9, 2023

CVE-2021-29114 9.8

A critical SQL injection vulnerability in Esri ArcGIS Server feature services allows remote unauthenticated attackers to execute arbitrary SQL command...

Dec 7, 2021

CVE-2021-29102 9.1

This SSRF vulnerability in ArcGIS Server Manager allows unauthenticated remote attackers to make arbitrary GET requests from the vulnerable system. Th...

Jul 11, 2021

CVE-2021-29101 7.5

This vulnerability allows unauthenticated remote attackers to read arbitrary files on ArcGIS GeoEvent Server systems by exploiting a directory travers...

May 5, 2021

CVE-2021-29097 7.8

Multiple buffer overflow vulnerabilities in Esri's ArcGIS products allow arbitrary code execution when parsing malicious files. Unauthenticated attack...

Mar 25, 2021

CVE-2021-29096 7.8

A use-after-free vulnerability in Esri ArcGIS products allows arbitrary code execution when parsing malicious files. Unauthenticated attackers can exp...

Mar 25, 2021

CVE-2020-35712 9.8

CVE-2020-35712 is a Server-Side Request Forgery (SSRF) vulnerability in Esri ArcGIS Server that allows attackers to make unauthorized requests from th...

Dec 26, 2020

← Previous Page 2 of 2

Why Monitor Esri Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 58+ known vulnerabilities affecting Esri products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Esri packages in under 60 seconds. No agents required - completely agentless scanning that works across Esri deployments.

Free vulnerability database: Access detailed information about every Esri CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

Register free account & add your servers
Run one-time scan or schedule automatic monitoring (every 1-24 hours)
Receive instant alerts when new Esri CVEs affect your systems
Access dashboard with severity breakdown & fix instructions

Start Monitoring Esri CVEs Free