744 matches found
The vulnerability of the OpenSearch software package lies in its lack of measures to protect the structure of web pages, allowing attackers to execute arbitrary code.
The vulnerability of the OpenSearch software package is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability could allow a perpetrator to execute arbitrary code...
ROS-20250624-02
Vulnerability in the OpenSearch software package related to a lack of Markdown cleanup on header or footer previews. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...
Malicious code in opensearch-with-grafana-lambdas (npm)
Source: ghsa-malware (1610e128601e1cf8f57fb7382fb6310a88b8420bcf1aa66c7e0c8b488b5477dc). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4860 Malicious code in opensearch-with-grafana-lambdas (npm)
Source: ghsa-malware (1610e128601e1cf8f57fb7382fb6310a88b8420bcf1aa66c7e0c8b488b5477dc). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-21180
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: OpenSearch Dashboards. Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft...
CVE-2024-55886
OpenSearch Data Prepper is a component of the OpenSearch project that accepts, filters, transforms, enriches, and routes data at scale. A vulnerability exists in the OpenTelemetry Logs source in Data Prepper starting in version 2.1.0 and prior to version 2.10.2 where some custom authentication...
CVE-2024-43794
OpenSearch Dashboards Security Plugin adds a configuration management UI for the OpenSearch Security features to OpenSearch Dashboards. Improper validation of the nextUrl parameter can lead to external redirect on login to OpenSearch-Dashboards for specially crafted parameters. A patch is availab...
CVE-2023-28864
Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. The data...
CVE-2023-23613
OpenSearch is an open source distributed and RESTful search engine. In affected versions there is an issue in the implementation of field-level security (FLS) and field masking where rules written to explicitly exclude fields are not correctly applied for certain queries that rely on their...
CVE-2022-41918
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the indices that back data streams...
CVE-2022-41917
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. OpenSearch allows users to specify a local file when defining text analyzers to process data for text analysis. An issue in the implementation of this feature allows certain specially crafted queries to return a...
CVE-2020-8954
OpenSearch Web browser 1.0.4.9 allows Intent Scheme Hijacking. A link that opens another app in the browser can be manipulated...
CVE-2025-31672 vulnerabilities
Vulnerabilities for packages: opensearch...
GHSA-GMG8-593G-7MV3 vulnerabilities
Vulnerabilities for packages: opensearch...
The vulnerability of the OpenSearch software package, related to deficiencies in authentication procedures, allows attackers to circumvent existing security restrictions.
Vulnerability of the OpenSearch software package, related to deficiencies in authentication procedures. Exploiting this vulnerability can allow a malicious actor to circumvent existing security restrictions remotely...
The vulnerability of the OpenSearch software package, related to reading data beyond the buffer in memory, allows an intruder to gain unauthorized access to protected information.
Vulnerability of the OpenSearch software package, related to reading data beyond the buffer in memory. Exploitation of this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
The vulnerability of the OpenSearch software package, related to insufficient protection of operational data, allows an intruder to gain unauthorized access to protected information.
Vulnerability of the OpenSearch software package, related to insufficient protection of operational data. Exploiting this vulnerability may allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of the OpenSearch software package, related to the disclosure of information through discrepancies, allows a perpetrator to compromise the integrity of data.
The vulnerability of the OpenSearch software package is related to the disclosure of information due to incompatibility. Exploiting this vulnerability can allow a malicious actor to compromise the integrity of data...
ROS-20250403-14
Vulnerability in the OpenSearch software package due to a problem in the implementation of Field Level Security (FLS). Exploitation of the vulnerability could allow an attacker to obtain sensitive data. Vulnerability in the OpenSearch software package due to missing spaces ...
ROS-20250403-12
OpenSearch software package vulnerability related to out-of-bounds memory reads. Exploitation of the vulnerability could allow an attacker to obtain sensitive data...