@forwardemail/wildduck (>=4.0.1 <=4.0.3), @johnqh/haraka (>=8.0.1 <=8.0.17) +32 more potentially affected by unknown CVE via @opensearch-project/opensearch (>=3.2.0 <=3.5.1)

@opensearch-project/opensearch NPM version =3.2.0, =4.0.1, =8.0.1, =8.0.2, =5.8.38, =1.0.0, =1.0.0, =1.0.0-alpha.1, =1.1.3, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.3.0-beta.2 and more Source cves: unknown CVE Source advisory: OSV:GHSA-27F5-XJRR-Q9FF...

@agentionai/agents (>=0.11.0 <=0.12.0-beta), @andreafspeziale/nestjs-search (>=2.0.0 <=2.0.1) +83 more potentially affected by unknown CVE via @opensearch-project/opensearch (>=3.2.0 <=3.6.0)

@opensearch-project/opensearch NPM version =3.2.0, =0.11.0, =2.0.0, =1.8.0, =3.0.17, =1.0.84, =0.1.0, =1.0.1, =0.1.0, =0.1.0, =0.0.0, =0.5.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-27F5-XJRR-Q9FF...

@agentionai/agents (>=0.11.0 <=0.12.0-beta), @andreafspeziale/nestjs-search (>=2.0.0 <=2.0.1) +83 more potentially affected by unknown CVE via @opensearch-project/opensearch (>=3.2.0 <=3.6.0)

@opensearch-project/opensearch NPM version =3.2.0, =0.11.0, =2.0.0, =1.8.0, =3.0.17, =1.0.84, =0.1.0, =1.0.1, =0.1.0, =0.1.0, =0.0.0, =0.5.1 and more Source cves: unknown CVE Source advisory: SNYK:JS-OPENSEARCHPROJECTOPENSEARCH-16640915...

org.opensearch.dataprepper.plugins:otel-trace-group-processor (>=2.12.0 <=2.12.1) potentially affected by CVE-2025-62371 via org.opensearch.dataprepper.plugins:opensearch (>=2.12.0 <=2.12.1)

org.opensearch.dataprepper.plugins:opensearch MAVEN version =2.12.0, =2.12.0, =2.12.1 Source cves: CVE-2025-62371 Source advisory: OSV:GHSA-43FF-RR26-8HX4...

PT-2025-32597 · Maven · Org.Opensearch.Plugin:Opensearch-Security

Impact OpenSearch versions 2.19.2 and earlier improperly apply Field Level Security FLS rules on fields which are not at the top level of the source document tree i.e., which are members of a JSON object. If an FLS exclusion rule like object is applied to an object valued attribute in a source...

com.erudika:para-search-elasticsearch (=1.40.5), com.playtika.testcontainers:embedded-opensearch (>=3.0.7 <=3.1.6) +30 more potentially affected by unknown CVE via org.opensearch:opensearch (>=2.0.0 <=2.11.0)

org.opensearch:opensearch MAVEN version =2.0.0, =3.0.7, =0.1.3, =0.1.3, =0.1.3, =0.1.2, =0.1.2, =0.1.2, =1.2.3, =1.2.3, =1.2.3, =4.37.0, =2.10.0, =2.11.0 - org.codelibs.fess:fess-suggest =14.11.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-6G3J-P5G6-992F...

UBUNTU-CVE-2023-23613

OpenSearch is an open source distributed and RESTful search engine. In affected versions there is an issue in the implementation of field-level security FLS and field masking where rules written to explicitly exclude fields are not correctly applied for certain queries that rely on their...