GHSA-5RV5-XJ5J-3484 vulnerabilities

Vulnerabilities for packages: logstash, kube-logging-operator, cinc-auditor...

CVE-2026-33637 vulnerabilities

Vulnerabilities for packages: logstash, kube-logging-operator, cinc-auditor...

CVE-2026-33637 vulnerabilities

Vulnerabilities for packages: logstash-fips, logstash, kube-logging-operator, cinc-auditor...

GHSA-5RV5-XJ5J-3484 vulnerabilities

Vulnerabilities for packages: logstash-fips, logstash, kube-logging-operator, cinc-auditor...

CLEANSTART-2026-DV49899 Security fixes for CVE-2024-45993, CVE-2025-31344, CVE-2025-48924, CVE-2026-26740, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33210, CVE-2026-33810, CVE-2026-33870, ghsa-33mh-2634-fwr2, ghsa-3m6g-2423-7cp3, ghsa-72hv-8253-57qq, ghsa-j288-q9x7-2f5v, ghsa-j4pr-3wm6-xx2r, ghsa-pwqr-wmgm-9rr8, ghsa-wx95-c6cv-8532 applied in versions: 9.3.0-r1, 9.3.0-r2, 9.3.1-r0, 9.3.2-r0

Multiple security vulnerabilities affect the logstash-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVE-2026-34478 vulnerabilities

Vulnerabilities for packages: apache-pulsar, apache-activemq-artemis, kserve-modelmesh, zipkin, solr, akhq, infinispan, airflow, spark, wavefront-proxy, logstash, kafka, strimzi-kafka-operator...

CVE-2026-34477 vulnerabilities

Vulnerabilities for packages: apache-pulsar, apache-activemq-artemis, kserve-modelmesh, zipkin, solr, akhq, infinispan, airflow, spark, wavefront-proxy, logstash, kafka, strimzi-kafka-operator...

GHSA-445C-VH5M-36RJ vulnerabilities

Vulnerabilities for packages: apache-pulsar, apache-activemq-artemis, kserve-modelmesh, zipkin, solr, akhq, infinispan, airflow, spark, wavefront-proxy, logstash, kafka, strimzi-kafka-operator...

GHSA-6HG6-V5C8-FPHQ vulnerabilities

Vulnerabilities for packages: apache-pulsar, apache-activemq-artemis, kserve-modelmesh, zipkin, solr, akhq, infinispan, airflow, spark, wavefront-proxy, logstash, kafka, strimzi-kafka-operator...

CVE-2026-34478 vulnerabilities

Vulnerabilities for packages: apache-activemq-fips, apache-pulsar-fips, camunda, kafka-fips, airflow, spark-kubernetes-operator, elasticsearch-fips, logstash, akhq, nuxeo, apache-tika-fips, ghidra, apache-camel-karavan-devmode, camunda-zeebe, apache-pulsar, kserve-modelmesh, solr,...

GHSA-445C-VH5M-36RJ vulnerabilities

Vulnerabilities for packages: apache-activemq-fips, apache-pulsar-fips, camunda, kafka-fips, airflow, spark-kubernetes-operator, elasticsearch-fips, logstash, akhq, nuxeo, apache-tika-fips, ghidra, apache-camel-karavan-devmode, camunda-zeebe, apache-pulsar, kserve-modelmesh, solr,...

CVE-2026-34477 vulnerabilities

Vulnerabilities for packages: apache-activemq-fips, apache-pulsar-fips, camunda, kafka-fips, airflow, spark-kubernetes-operator, elasticsearch-fips, logstash, akhq, nuxeo, wso2is, apache-tika-fips, ghidra, apache-camel-karavan-devmode, camunda-zeebe, apache-pulsar, kserve-modelmesh, solr,...

GHSA-6HG6-V5C8-FPHQ vulnerabilities

Vulnerabilities for packages: apache-activemq-fips, apache-pulsar-fips, camunda, kafka-fips, airflow, spark-kubernetes-operator, elasticsearch-fips, logstash, akhq, nuxeo, wso2is, apache-tika-fips, ghidra, apache-camel-karavan-devmode, camunda-zeebe, apache-pulsar, kserve-modelmesh, solr,...

BIT-LOGSTASH-2026-33466 Improper Limitation of a Pathname to a Restricted Directory in Logstash Leading to Arbitrary File Write

Improper Limitation of a Pathname to a Restricted Directory CWE-22 in Logstash can lead to arbitrary file write and potentially remote code execution via Relative Path Traversal CAPEC-139. The archive extraction utilities used by Logstash do not properly validate file paths within compressed...

PT-2026-32434

Improper Limitation of a Pathname to a Restricted Directory CWE-22 in Logstash can lead to arbitrary file write and potentially remote code execution via Relative Path Traversal CAPEC-139. The archive extraction utilities used by Logstash do not properly validate file paths within compressed...

CVE-2026-33466

Improper Limitation of a Pathname to a Restricted Directory CWE-22 in Logstash can lead to arbitrary file write and potentially remote code execution via Relative Path Traversal CAPEC-139. The archive extraction utilities used by Logstash do not properly validate file paths within compressed...

Logstash 8.x < 8.19.14 / 9.x < 9.2.8 / 9.3.x < 9.3.3 Path Traversal (ESA-2026-29)

The version of Logstash installed on the remote host is 8.x prior to 8.19.14, 9.x prior to 9.2.8, or 9.3.x prior to 9.3.3. It is, therefore, affected by a path traversal vulnerability: - The archive extraction utilities used by Logstash do not properly validate file paths within compressed...

CLEANSTART-2026-GE08280 Ruby JSON is a JSON implementation for Ruby

Multiple security vulnerabilities affect the logstash-fips package. Ruby JSON is a JSON implementation for Ruby. See references for individual vulnerability details...

CLEANSTART-2026-RZ30606 Ruby JSON is a JSON implementation for Ruby

Multiple security vulnerabilities affect the logstash-fips package. Ruby JSON is a JSON implementation for Ruby. See references for individual vulnerability details...

CLEANSTART-2026-CQ39708 Netty is an asynchronous, event-driven network application framework

Multiple security vulnerabilities affect the logstash-fips package. Netty is an asynchronous, event-driven network application framework. See references for individual vulnerability details...