gdal has 2 known vulnerabilities on the latest version (3.13.0). DepScope rates its health at 69/100 (moderate risk).

What is the latest version of gdal?

The latest version of gdal is 3.13.0, released 2026-05-08.

Does gdal have known vulnerabilities?

Yes. gdal has 2 known vulnerabilities. See depscope.dev/pkg/pypi/gdal for details.

No, gdal is actively maintained. Latest release: 3.13.0 (2026-05-08).

What are alternatives to gdal?

Popular alternatives to gdal in PyPI include: boto3, packaging, certifi, urllib3, idna.

gdal

pypiv3.13.0

GDAL: Geospatial Data Abstraction Library

License MITpermissive95 versions1 maintainers1 deps

OSGeo/GDAL

/ 100

Health

use with caution

[email protected] low health (69/100) — consider alternatives

Moderate health score (69/100) — verify manually

Health breakdown0 – 100

25/25

maintenance

0/20

popularity

21/25

security

15/15

maturity

8/15

community

Vulnerabilities

2 medium

Advisories (2)

Severity	ID	Summary	Fixed in
medium	BIT-gdal-2025-29480	Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. NOTE: the Supplier indicates that the report is invalid and could not be reproduced.	—
medium	BIT-gdal-2026-8212	A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been published and may be used. Upgrading to version 3.13.0RC1 addresses this issue. This patch is called 3e04c0385630e4d42517046d9a4967dfccfeb7fd. The affected component should be upgraded.	—

Health History

Dependency Tree

License Audit

Dependencies (1)

numpy

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/pypi/gdal