opensearch-project — Vulnerabilities & Security Advisories 16

Browse all 16 CVE security advisories affecting opensearch-project. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-62371 | OpenSearch Data Prepper plugins trusts all SSL certificates by default | data-prepper | CWE-295 | 7.4 | High | 2025-10-15 |
| CVE-2024-55886 | OpenTelemetry Logs source may lack authentication with some custom plugins | data-prepper | CWE-287 | 6.9 | Medium | 2024-12-12 |
| CVE-2024-43794 | OpenSearch Dashboards Security Plugin improper validation of nextUrl can lead to external redirect | security-dashboards-plugin | CWE-601 | 6.1 | Medium | 2024-08-23 |
| CVE-2024-39900 | OpenSearch Dashboards Reports does not properly restrict access to private tenant resources | reporting | CWE-639 | 5.4 | Medium | 2024-07-09 |
| CVE-2024-39901 | OpenSearch Observability does not properly restrict access to private tenant resources | observability | CWE-639 | 4.2 | Medium | 2024-07-09 |
| CVE-2023-45807 | OpenSearch Issue with tenant read-only permissions | security | CWE-281 | 5.4 | Medium | 2023-10-16 |
| CVE-2023-31141 | OpenSearch issue with fine-grained access control during extremely rare race conditions | security | CWE-863 | 4.8 | Medium | 2023-05-08 |
| CVE-2023-25806 | Time discrepancy in authentication responses in OpenSearch | security | CWE-208 | 5.3 | - | 2023-03-02 |
| CVE-2023-23933 | Issue in Anomaly Detection with document and field level rules in numerical feature aggregations | anomaly-detection | CWE-125 | 4.3 | - | 2023-02-03 |
| CVE-2023-23612 | Issue with whitespace in JWT roles in OpenSearch | security | CWE-287 | 4.7 | Medium | 2023-01-24 |
| CVE-2023-23613 | Field-level security issue with .keyword fields in OpenSearch | security | CWE-200 | 5.7 | Medium | 2023-01-24 |
| CVE-2022-41917 | Incorrect Error Handling Allowed Partial File Reads Over REST API in OpenSearch | OpenSearch | CWE-200 | 4.3 | Medium | 2022-11-15 |
| CVE-2022-41918 | Issue with fine-grained access control of indices backing data streams | security | CWE-863 | 6.3 | Medium | 2022-11-15 |
| CVE-2022-41906 | OpenSearch Notifications is vulnerable to Server-Side Request Forgery (SSRF) | notifications | CWE-918 | 8.7 | - | 2022-11-11 |
| CVE-2022-35980 | OpenSearch vulnerable to Improper Authorization of Index Containing Sensitive Information | security | CWE-612 | 7.5 | High | 2022-08-12 |
| CVE-2022-31115 | Unsafe YAML deserialization in opensearch-ruby | opensearch-ruby | CWE-502 | 8.8 | High | 2022-06-30 |

This page lists every published CVE security advisory associated with opensearch-project. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.