
elasticsearch — Vulnerabilities & Security Advisories 43

All 43 CVE vulnerabilities found in elasticsearch, with AI-generated Chinese analysis, references, and POCs.

This page aggregates Common Weakness Enumerations (CWEs) specifically related to the Elasticsearch product developed by Elastic. It serves as a centralized repository for analyzing security flaws, configuration errors, and implementation defects that affect the distributed search and analytics engine. The content herein compiles vulnerability data sourced from vendor advisories, independent security disclosures, and public databases, covering a historical timeline that extends back to the earliest tracked releases of the software. Readers can use this resource to track Elastic’s security advisories over time, gaining insight into how the vendor addresses critical issues. Furthermore, users can understand specific weakness classes by examining how abstract CWE categories manifest in real-world scenarios within Elasticsearch. The page also allows for a comprehensive lookup of the product’s vulnerability history, enabling developers and security professionals to assess the long-term security posture of the platform. By reviewing past incidents and their resolutions, stakeholders can better evaluate the impact of known flaws on their deployments and prioritize remediation efforts effectively. This aggregated view helps in correlating multiple CVE entries to identify patterns in vulnerability types, such as authentication bypasses or remote code execution risks, providing a holistic perspective on the security landscape surrounding Elasticsearch without focusing on isolated events.

Vendor: Elastic

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-68390 | Elasticsearch Allocation of Resources Without Limits or Throttling | CWE-770 | 4.9 | Medium | 2025-12-18 |
| CVE-2025-68384 | Elasticsearch Allocation of Resources Without Limits or Throttling | CWE-770 | 6.5 | Medium | 2025-12-18 |
| CVE-2025-37731 | Elasticsearch Improper Authentication | CWE-287 | 6.8 | Medium | 2025-12-15 |
| CVE-2025-37727 | Elasticsearch Insertion of sensitive information in log file | CWE-532 | 5.7 | Medium | 2025-10-10 |
| CVE-2024-52979 | Elasticsearch Uncontrolled Resource Consumption vulnerability | CWE-400 | 6.5 | Medium | 2025-05-01 |
| CVE-2024-52981 | Elastic Elasticsearch resource management error vulnerability | CWE-400 | 4.9 | Medium | 2025-04-08 |
| CVE-2024-52980 | Elasticsearch Uncontrolled Resource Consumption vulnerability | CWE-400 | 6.5 | Medium | 2025-04-08 |
| CVE-2024-43709 | Elasticsearch allocation of resources without limits or throttling leads to crash | CWE-770 | 6.5 | Medium | 2025-01-21 |
| CVE-2024-12539 | Elasticsearch Incorrect Authorization | CWE-863 | 7.5 | - | 2024-12-17 |
| CVE-2024-23444 | Elasticsearch elasticsearch-certutil csr fails to encrypt private key | CWE-311 | 4.9 | Medium | 2024-07-31 |
| CVE-2023-49921 | Elasticsearch security vulnerability | CWE-532 | 5.2 | Medium | 2024-07-26 |
| CVE-2024-37280 | Elasticsearch StackOverflow vulnerability | CWE-122 | 4.9 | Medium | 2024-06-13 |
| CVE-2024-23445 | Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions | | 6.5 | Medium | 2024-06-12 |
| CVE-2024-23449 | Elasticsearch Uncaught Exception | CWE-248 | 4.3 | Medium | 2024-03-29 |
| CVE-2024-23451 | Elasticsearch Incorrect Authorization in the Remote Cluster Security API key based security model | CWE-863 | 4.4 | Medium | 2024-03-27 |
| CVE-2024-23450 | Elasticsearch Uncontrolled Resource Consumption vulnerability | CWE-400 | 4.9 | Medium | 2024-03-27 |
| CVE-2023-46673 | Elasticsearch security vulnerability | CWE-755 | 6.5 | Medium | 2023-11-22 |
| CVE-2021-37937 | Elasticsearch privilege escalation | CWE-269 | 5.9 | Medium | 2023-11-22 |
| CVE-2023-31417 | Elasticsearch Insertion of sensitive information in audit logs | CWE-532 | 4.1 | Medium | 2023-10-26 |
| CVE-2023-31418 | Elasticsearch uncontrolled resource consumption | CWE-400 | 7.5 | High | 2023-10-26 |
| CVE-2023-31419 | Elasticsearch StackOverflow vulnerability | CWE-121 | 6.5 | Medium | 2023-10-26 |
| CVE-2022-23712 | Elasticsearch security vulnerability | CWE-754 | 7.5 | - | 2022-06-06 |
| CVE-2022-23708 | Elasticsearch security vulnerability | CWE-264 | 4.3 | - | 2022-03-03 |
| CVE-2021-22147 | Elasticsearch security vulnerability | CWE-732 | 6.5 | - | 2021-09-15 |
| CVE-2021-22145 | Elastic security vulnerability | CWE-200 | 6.5 | - | 2021-07-21 |
| CVE-2021-22138 | Elasticsearch Logstash trust management issue vulnerability | CWE-295 | 3.7 | - | 2021-05-13 |
| CVE-2021-22137 | Elasticsearch information disclosure vulnerability | CWE-200 | 5.3 | - | 2021-05-13 |
| CVE-2021-22135 | Elasticsearch information disclosure vulnerability | CWE-200 | 5.3 | - | 2021-05-13 |
| CVE-2021-22134 | Elasticsearch information disclosure vulnerability | CWE-200 | 4.3 | - | 2021-03-08 |
| CVE-2020-7021 | Elasticsearch log information disclosure vulnerability | CWE-532 | 4.9 | - | 2021-02-10 |

All 43 known CVE vulnerabilities affecting elasticsearch with full Chinese analysis, references, and POCs where available.