419 matches found
GHSA-5RV5-XJ5J-3484 vulnerabilities
Vulnerabilities for packages: logstash, cinc-auditor, kube-logging-operator...
CVE-2026-33637 vulnerabilities
Vulnerabilities for packages: logstash, cinc-auditor, kube-logging-operator...
CVE-2026-33637 vulnerabilities
Vulnerabilities for packages: logstash-fips, cinc-auditor, logstash, kube-logging-operator...
GHSA-5RV5-XJ5J-3484 vulnerabilities
Vulnerabilities for packages: logstash-fips, cinc-auditor, logstash, kube-logging-operator...
CLEANSTART-2026-DV49899 Security fixes for CVE-2024-45993, CVE-2025-31344, CVE-2025-48924, CVE-2026-26740, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33210, CVE-2026-33810, CVE-2026-33870, ghsa-33mh-2634-fwr2, ghsa-3m6g-2423-7cp3, ghsa-72hv-8253-57qq, ghsa-j288-q9x7-2f5v, ghsa-j4pr-3wm6-xx2r, ghsa-pwqr-wmgm-9rr8, ghsa-wx95-c6cv-8532 applied in versions: 9.3.0-r1, 9.3.0-r2, 9.3.1-r0, 9.3.2-r0
Multiple security vulnerabilities affect the logstash-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-34478 vulnerabilities
Vulnerabilities for packages: logstash, strimzi-kafka-operator, kserve-modelmesh, spark, wavefront-proxy, apache-pulsar, apache-activemq-artemis, infinispan, kafka, zipkin, akhq, solr, airflow...
CVE-2026-34477 vulnerabilities
Vulnerabilities for packages: logstash, strimzi-kafka-operator, kserve-modelmesh, spark, wavefront-proxy, apache-pulsar, apache-activemq-artemis, infinispan, kafka, zipkin, akhq, solr, airflow...
GHSA-445C-VH5M-36RJ vulnerabilities
Vulnerabilities for packages: logstash, strimzi-kafka-operator, kserve-modelmesh, spark, wavefront-proxy, apache-pulsar, apache-activemq-artemis, infinispan, kafka, zipkin, akhq, solr, airflow...
GHSA-6HG6-V5C8-FPHQ vulnerabilities
Vulnerabilities for packages: logstash, strimzi-kafka-operator, kserve-modelmesh, spark, wavefront-proxy, apache-pulsar, apache-activemq-artemis, infinispan, kafka, zipkin, akhq, solr, airflow...
CVE-2026-34478 vulnerabilities
Vulnerabilities for packages: apache-activemq-artemis, ghidra, airflow, spark-fips, infinispan, apache-pulsar-fips, apache-activemq, tritonserver-backend-vllm-cuda-13.0, apache-pulsar, akhq, strimzi-kafka-operator, kserve-modelmesh, commercial-elasticsearch, kafka-fips, wavefront-proxy, logstash,...
GHSA-445C-VH5M-36RJ vulnerabilities
Vulnerabilities for packages: apache-activemq-artemis, ghidra, airflow, spark-fips, infinispan, apache-pulsar-fips, apache-activemq, tritonserver-backend-vllm-cuda-13.0, apache-pulsar, akhq, strimzi-kafka-operator, kserve-modelmesh, commercial-elasticsearch, kafka-fips, wavefront-proxy, logstash,...
CVE-2026-34477 vulnerabilities
Vulnerabilities for packages: apache-activemq-artemis, ghidra, airflow, spark-fips, infinispan, apache-pulsar-fips, apache-activemq, tritonserver-backend-vllm-cuda-13.0, apache-pulsar, akhq, strimzi-kafka-operator, kserve-modelmesh, commercial-elasticsearch, kafka-fips, wavefront-proxy, logstash,...
GHSA-6HG6-V5C8-FPHQ vulnerabilities
Vulnerabilities for packages: apache-activemq-artemis, ghidra, airflow, spark-fips, infinispan, apache-pulsar-fips, apache-activemq, tritonserver-backend-vllm-cuda-13.0, apache-pulsar, akhq, strimzi-kafka-operator, kserve-modelmesh, commercial-elasticsearch, kafka-fips, wavefront-proxy, logstash,...
BIT-LOGSTASH-2026-33466 Improper Limitation of a Pathname to a Restricted Directory in Logstash Leading to Arbitrary File Write
Improper Limitation of a Pathname to a Restricted Directory CWE-22 in Logstash can lead to arbitrary file write and potentially remote code execution via Relative Path Traversal CAPEC-139. The archive extraction utilities used by Logstash do not properly validate file paths within compressed...
PT-2026-32434
Improper Limitation of a Pathname to a Restricted Directory CWE-22 in Logstash can lead to arbitrary file write and potentially remote code execution via Relative Path Traversal CAPEC-139. The archive extraction utilities used by Logstash do not properly validate file paths within compressed...
CVE-2026-33466
Improper Limitation of a Pathname to a Restricted Directory CWE-22 in Logstash can lead to arbitrary file write and potentially remote code execution via Relative Path Traversal CAPEC-139. The archive extraction utilities used by Logstash do not properly validate file paths within compressed...
Logstash 8.x < 8.19.14 / 9.x < 9.2.8 / 9.3.x < 9.3.3 Path Traversal (ESA-2026-29)
The version of Logstash installed on the remote host is 8.x prior to 8.19.14, 9.x prior to 9.2.8, or 9.3.x prior to 9.3.3. It is, therefore, affected by a path traversal vulnerability: - The archive extraction utilities used by Logstash do not properly validate file paths within compressed...
CLEANSTART-2026-GE08280 Ruby JSON is a JSON implementation for Ruby
Multiple security vulnerabilities affect the logstash-fips package. Ruby JSON is a JSON implementation for Ruby. See references for individual vulnerability details...
CLEANSTART-2026-RZ30606 Ruby JSON is a JSON implementation for Ruby
Multiple security vulnerabilities affect the logstash-fips package. Ruby JSON is a JSON implementation for Ruby. See references for individual vulnerability details...
CLEANSTART-2026-CQ39708 Netty is an asynchronous, event-driven network application framework
Multiple security vulnerabilities affect the logstash-fips package. Netty is an asynchronous, event-driven network application framework. See references for individual vulnerability details...