741 matches found
CVE-2026-41239 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards...
GHSA-V9JR-RG53-9PGP vulnerabilities
Vulnerabilities for packages: opensearch-dashboards...
GHSA-H7MW-GPVR-XQ4M vulnerabilities
Vulnerabilities for packages: opensearch-dashboards...
GHSA-CRV5-9VWW-Q3G8 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards...
CVE-2026-41238 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards...
Linux Distros Unpatched Vulnerability : CVE-2026-43826
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the fu...
@agentionai/agents (>=0.11.0 <=0.12.0-beta), @andreafspeziale/nestjs-search (>=2.0.0 <=2.0.1) +63 more potentially affected by unknown CVE via @opensearch-project/opensearch (=3.6.0)
@opensearch-project/opensearch NPM version =3.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on @opensearch-project/opensearch and may be impacted: - @agentionai/agents =0.11.0, =2.0.0, =1.8.0, =3.0.17, =1.0.84, =0.1.0, =1.0.0, =1.0.1, =0.1.0, =0.1.0...
Malicious code in @opensearch-project/opensearch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1668370f4091d14b4e74ad0e9b25c70ccbc5bf7fb7d97f535212ce2289e71347 The package @opensearch-project/opensearch was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3434 Malicious code in @opensearch-project/opensearch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1668370f4091d14b4e74ad0e9b25c70ccbc5bf7fb7d97f535212ce2289e71347 The package @opensearch-project/opensearch was found to contain malicious code. Source: ghsa-malware...
@agentionai/agents (>=0.11.0 <=0.12.0-beta), @andreafspeziale/nestjs-search (>=2.0.0 <=2.0.1) +86 more potentially affected by unknown CVE via @opensearch-project/opensearch (>=3.2.0 <=3.6.0)
@opensearch-project/opensearch NPM version =3.2.0, =0.11.0, =2.0.0, =1.8.0, =3.0.17, =1.0.84, =0.1.0, =1.0.0, =1.0.1, =0.1.0, =0.1.0, =0.4.4 and more Source cves: unknown CVE Source advisory: SNYK:JS-OPENSEARCHPROJECTOPENSEARCH-16640915...
Insertion of Sensitive Information into Log File
Overview apache-airflow-providers-opensearch is a Provider package apache-airflow-providers-opensearch for Apache Airflow Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the grouplogsbyhost method in ostaskhandler.py. An attacker can expose...
EUVD-2026-29042
The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...
GHSA-XCCP-97WP-3GJG Apache Airflow Providers OpenSearch: OpenSearch task-log handler leaks credentials embedded in the host URL
The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...
Apache Airflow Providers OpenSearch: OpenSearch task-log handler leaks credentials embedded in the host URL
The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...
PYSEC-2026-23
The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...
PYSEC-2026-23
The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...
CVE-2026-43826
The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...
CVE-2026-43826
The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...
UBUNTU-CVE-2026-43826
The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...
CVE-2026-43826 Apache Airflow Providers OpenSearch: OpenSearch task-log handler leaks credentials embedded in the host URL
The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...