744 matches found
CVE-2025-57810 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards...
GHSA-F8CM-6447-X5H2 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards-fips, opensearch-dashboards...
GHSA-8MVJ-3J78-4QMW vulnerabilities
Vulnerabilities for packages: opensearch-dashboards-fips, opensearch-dashboards...
CVE-2025-57810 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards-fips, opensearch-dashboards...
CVE-2025-68428 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards-fips, opensearch-dashboards...
CVE-2023-31141
OpenSearch is an open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not...
CVE-2024-39900
OpenSearch Dashboards Reports allows a ‘Report Owner’ to export and share reports from OpenSearch Dashboards. An issue in the OpenSearch reporting plugin allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when...
CVE-2024-39901
OpenSearch Observability is a collection of plugins and applications that visualize data-driven events. An issue in the OpenSearch observability plugins allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when...
CVE-2025-23671
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sav WP OpenSearch wp-opensearch allows Stored XSS. This issue affects WP OpenSearch: from n/a through = 1.0...
CVE-2022-31115
opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the Ruby YAML.load function was used instead of YAML.safe_load. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the response is of type YAML. ...
GHSA-P72G-PV48-7W9X vulnerabilities
Vulnerabilities for packages: opensearch...
GHSA-MW3V-MMFW-3X2G vulnerabilities
Vulnerabilities for packages: opensearch...
CVE-2025-9624 vulnerabilities
Vulnerabilities for packages: opensearch...
GHSA-73M2-QFQ3-56CX vulnerabilities
Vulnerabilities for packages: opensearch...
CVE-2025-27820 vulnerabilities
Vulnerabilities for packages: opensearch...
CVE-2025-54988 vulnerabilities
Vulnerabilities for packages: opensearch...
GHSA-67MF-3CR5-8W23 vulnerabilities
Vulnerabilities for packages: sonarqube, cassandra, opensearch...
CVE-2025-8885 vulnerabilities
Vulnerabilities for packages: sonarqube, cassandra, opensearch...
Airflow externalLogUrl Permission Bypass
1. Summary The externalLogUrl endpoint in Airflow’s FastAPI enforces only the weaker Task Instance access permission TASKINSTANCE instead of the intended Task Logs permission TASKLOGS. As a result, low-privileged users who are not authorized to view task logs can still obtain external log access...
Denial Of Service (DoS)
OpenSearch is vulnerable to Denial of Service (DoS). The vulnerability is due to the handling of overly complex querystring inputs, which allows an attacker to submit specially crafted queries that exhaust system resources and trigger a DoS condition...