Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Elastic — Vulnerabilities & Security Advisories 223

Browse all 223 CVE security advisories affecting Elastic. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Elastic operates as a search and analytics engine, primarily powering the ELK Stack for log management and data visualization. With 223 recorded Common Vulnerabilities and Exposures, the platform has historically been susceptible to critical flaws, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These issues often stem from improper input validation and authentication bypasses within its Java-based architecture. Notable incidents involve unauthorized access to sensitive data through exposed APIs, highlighting risks associated with default configurations. The sheer volume of CVEs suggests persistent challenges in securing complex distributed systems. While the software remains a cornerstone for enterprise search, its extensive attack surface requires rigorous patching and strict access controls to mitigate the high probability of exploitation by threat actors targeting its widespread deployment infrastructure.

Found 43 results / 223Clear Filters
Top products by Elastic: Kibana Elasticsearch Logstash Packetbeat Elastic X-Pack Security Elastic Cloud Enterprise APM Server Beats Elastic Enterprise Search Elastic Agent Elastic Cloud Enterprise (ECE) X-Pack Security Elasticsearch X-Pack Machine Learning Elastic Defend Fleet Server Metricbeat Elastic Cloud on Kubernetes Elastic App Search Filebeat Elastic Endpoint Security Elastic Package Registry Elastic APM Java Agent Elastic APM .NET Agent Elastic Sharepoint Online Python Connector Elasticsearch-Hadoop Enterprise Search Elastic Network Drive Connector Elastic Agent and Elastic Defend Endpoint Elastic Endpoint Security and Elastic Endgame Security
CVE IDTitleCVSSSeverityPublished
CVE-2025-68390 Elasticsearch Allocation of Resources Without Limits or Throttling — ElasticsearchCWE-770 4.9 Medium2025-12-18
CVE-2025-68384 Elasticsearch Allocation of Resources Without Limits or Throttling — ElasticsearchCWE-770 6.5 Medium2025-12-18
CVE-2025-37731 Elasticsearch Improper Authentication — ElasticsearchCWE-287 6.8 Medium2025-12-15
CVE-2025-37727 Elasticsearch Insertion of sensitive information in log file — ElasticsearchCWE-532 5.7 Medium2025-10-10
CVE-2024-52979 Elasticsearch Uncontrolled Resource Consumption vulnerability — ElasticsearchCWE-400 6.5 Medium2025-05-01
CVE-2024-52981 Elastic Elasticsearch 资源管理错误漏洞 — ElasticsearchCWE-400 4.9 Medium2025-04-08
CVE-2024-52980 Elasticsearch Uncontrolled Resource Consumption vulnerability — ElasticsearchCWE-400 6.5 Medium2025-04-08
CVE-2024-43709 Elasticsearch allocation of resources without limits or throttling leads to crash — ElasticsearchCWE-770 6.5 Medium2025-01-21
CVE-2024-12539 Elasticsearch Incorrect Authorization — ElasticsearchCWE-863 7.5 -2024-12-17
CVE-2024-23444 Elasticsearch elasticsearch-certutil csr fails to encrypt private key — ElasticsearchCWE-311 4.9 Medium2024-07-31
CVE-2023-49921 Elasticsearch 安全漏洞 — ElasticsearchCWE-532 5.2 Medium2024-07-26
CVE-2024-37280 Elasticsearch StackOverflow vulnerability — ElasticsearchCWE-122 4.9 Medium2024-06-13
CVE-2024-23445 Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions — Elasticsearch 6.5 Medium2024-06-12
CVE-2024-23449 Elasticsearch Uncaught Exception — ElasticsearchCWE-248 4.3 Medium2024-03-29
CVE-2024-23451 Elasticsearch Incorrect Authorization in the Remote Cluster Security API key based security model — ElasticsearchCWE-863 4.4 Medium2024-03-27
CVE-2024-23450 Elasticsearch Uncontrolled Resource Consumption vulnerability — ElasticsearchCWE-400 4.9 Medium2024-03-27
CVE-2023-46673 Elasticsearch 安全漏洞 — ElasticsearchCWE-755 6.5 Medium2023-11-22
CVE-2021-37937 Elasticsearch privilege escalation — ElasticsearchCWE-269 5.9 Medium2023-11-22
CVE-2023-31417 Elasticsearch Insertion of sensitive information in audit logs — ElasticsearchCWE-532 4.1 Medium2023-10-26
CVE-2023-31418 Elasticsearch uncontrolled resource consumption — ElasticsearchCWE-400 7.5 High2023-10-26
CVE-2023-31419 Elasticsearch StackOverflow vulnerability — ElasticsearchCWE-121 6.5 Medium2023-10-26
CVE-2022-23712 Elasticsearch 安全漏洞 — elasticsearchCWE-754 7.5 -2022-06-06
CVE-2022-23708 Elasticsearch 安全漏洞 — elasticsearchCWE-264 4.3 -2022-03-03
CVE-2021-22147 Elasticsearch 安全漏洞 — ElasticsearchCWE-732 6.5 -2021-09-15
CVE-2021-22145 Elastic 安全漏洞 — ElasticsearchCWE-200 6.5 -2021-07-21
CVE-2021-22138 Elasticsearch Logstash 信任管理问题漏洞 — ElasticsearchCWE-295 3.7 -2021-05-13
CVE-2021-22137 Elasticsearch 信息泄露漏洞 — ElasticsearchCWE-200 5.3 -2021-05-13
CVE-2021-22135 Elasticsearch 信息泄露漏洞 — ElasticsearchCWE-200 5.3 -2021-05-13
CVE-2021-22134 Elasticsearch 信息泄露漏洞 — ElasticsearchCWE-200 4.3 -2021-03-08
CVE-2020-7021 Elasticsearch 日志信息泄露漏洞 — ElasticsearchCWE-532 4.9 -2021-02-10

This page lists every published CVE security advisory associated with Elastic. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.