open-telemetry — Vulnerabilities & Security Advisories 21

Browse all 21 CVE security advisories affecting open-telemetry. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-41433 | OpenTelemetry eBPF Instrumentation: Privileged Java agent injection allows arbitrary host file overwrite via untrusted TMPDIR | opentelemetry-ebpf-instrumentation | CWE-22 | 8.4 | High | 2026-04-24 |
| CVE-2026-41173 | Unbounded HTTP response body read in OpenTelemetry.Sampler.AWS | opentelemetry-dotnet-contrib | CWE-770 | 5.9 | Medium | 2026-04-23 |
| CVE-2026-41078 | OpenTelemetry dotnet: Potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path | opentelemetry-dotnet | CWE-770 | 5.9 | Medium | 2026-04-23 |
| CVE-2026-40894 | OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers | opentelemetry-dotnet | CWE-789 | 5.3 | Medium | 2026-04-23 |
| CVE-2026-40891 | OpenTelemetry dotnet: Unbounded `grpc-status-details-bin` parsing in OTLP/gRPC retry handling | opentelemetry-dotnet | CWE-789 | 5.3 | Medium | 2026-04-23 |
| CVE-2026-40182 | OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies | opentelemetry-dotnet | CWE-789 | 5.3 | Medium | 2026-04-23 |
| CVE-2026-39883 | OpenTelemetry-Go has an incomplete fix for CVE-2026-24051: BSD kenv command not using absolute path enables PATH hijacking | opentelemetry-go | CWE-426 | 9.8 (AI) | Critical (AI) | 2026-04-08 |
| CVE-2026-39882 | OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies | opentelemetry-go | CWE-789 | 5.3 | Medium | 2026-04-08 |
| CVE-2026-29181 | OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification) | opentelemetry-go | CWE-770 | 7.5 | High | 2026-04-07 |
| CVE-2026-33701 | OpenTelemetry: Unsafe Deserialization in RMI Instrumentation may Lead to Remote Code Execution | opentelemetry-java-instrumentation | CWE-502 | 8.1 | - | 2026-03-27 |
| CVE-2026-24051 | OpenTelemetry-Go Affected by Arbitrary Code Execution via PATH Hijacking | opentelemetry-go | CWE-426 | 7.0 | High | 2026-02-02 |
| CVE-2025-27513 | OpenTelemetry .NET has a Denial of Service (DoS) Vulnerability in API Package | opentelemetry-dotnet | CWE-770 | 7.5 | High | 2025-03-05 |
| CVE-2024-45043 | OpenTelemetry Collector AWS Firehose Receiver Authentication Bypass Vulnerability | opentelemetry-collector-contrib | CWE-200 | 5.3 | Medium | 2024-08-28 |
| CVE-2024-42368 | open-telemetry has an Observable Timing Discrepancy | opentelemetry-collector-contrib | CWE-208 | 6.5 | Medium | 2024-08-13 |
| CVE-2024-36129 | OpenTelemetry Collector has a Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC | opentelemetry-collector | CWE-119 | 8.2 | High | 2024-06-05 |
| CVE-2024-32028 | Sensitive query parameters logged by default in OpenTelemetry.Instrumentation http and AspNetCore | opentelemetry-dotnet | CWE-212 | 4.1 | Medium | 2024-04-12 |
| CVE-2023-47108 | DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics | opentelemetry-go-contrib | CWE-770 | 7.5 | High | 2023-11-10 |
| CVE-2023-45142 | OpenTelemetry-Go Contrib has DoS vulnerability in otelhttp due to unbound cardinality metrics | opentelemetry-go-contrib | CWE-770 | 7.5 | High | 2023-10-12 |
| CVE-2023-43810 | opentelemetry-instrumentation Denial of Service vulnerability due to unbound cardinality metrics | opentelemetry-python-contrib | CWE-400 | 7.5 | High | 2023-10-06 |
| CVE-2023-39951 | Instrumentation for AWS SDK v2 captures email content when using Amazon Simple Email Service (SES) v1 API, exposing that content to the telemetry backend | opentelemetry-java-instrumentation | CWE-200 | 6.5 | Medium | 2023-08-08 |
| CVE-2023-25151 | DoS vulnerability for high cardinality metrics in opentelemetry-go-contrib | opentelemetry-go-contrib | CWE-400 | 7.5 | High | 2023-02-08 |

This page lists every published CVE security advisory associated with open-telemetry. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.