floragunn — Vulnerabilities & Security Advisories 16

Browse all 16 CVE security advisories affecting floragunn. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Floragunn develops identity and access management solutions for enterprise applications, with its flagship product being an open-source SSO server. Historically, the project has been associated with multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, accounting for its 16 recorded CVEs. Notable security characteristics include its Java-based architecture and integration with various authentication protocols. While no major public security incidents have been widely documented, the consistent discovery of RCE vulnerabilities in its authentication and session management components has raised concerns among security researchers regarding input validation and secure coding practices within the platform.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-4819 | Search Guard audit logs can contain under certain conditions user credentials | Search Guard FLX | CWE-532 | 4.9 | Medium | 2026-03-31 |
| CVE-2026-4818 | Some management operations on data streams are not properly restricted when user does not have the necessary privileges | Search Guard FLX | CWE-285 | 6.8 | Medium | 2026-03-31 |
| CVE-2026-4799 | Open redirect vulnerability in Search Guard Kibana Plugin via manipulated requests | Search Guard FLX | CWE-601 | 4.3 | Medium | 2026-03-31 |
| CVE-2025-13653 | Unauthorized access to documents in data streams with specially crafted requests | Search Guard FLX | CWE-200 | 4.3 | Medium | 2025-12-01 |
| CVE-2025-12149 | Unauthorized access to documents protected by Document-Level Security (DLS), when Signals watches include a search query involving protected documents | Search Guard FLX | CWE-200 | 6.2 | - | 2025-11-14 |
| CVE-2025-12148 | Unauthorized access to fields protected by Field Masking (FM) for fields of type IP | Search Guard FLX | CWE-200 | 9.1 (AI) | Critical (AI) | 2025-10-29 |
| CVE-2025-12147 | Unauthorized access to fields protected by Field-Level Security (FLS) when those fields are members of an object | Search Guard FLX | CWE-200 | 9.1 (AI) | Critical (AI) | 2025-10-29 |
| CVE-2019-13422 | floragunn Search Guard Kibana Plugin input validation error vulnerability | Search Guard Kibana Plugin | CWE-601 | 6.1 | - | 2019-08-23 |
| CVE-2019-13423 | floragunn Search Guard Kibana Plugin permissions and access control issue vulnerability | Search Guard Kibana Plugin | CWE-287 | 8.8 | - | 2019-08-23 |
| CVE-2019-13421 | floragunn Search Guard information disclosure vulnerability | Search Guard | CWE-522 | 4.9 | - | 2019-08-23 |
| CVE-2019-13415 | floragunn Search Guard authorization issue vulnerability | Search Guard | CWE-280 | 6.5 | - | 2019-08-13 |
| CVE-2019-13416 | floragunn Search Guard authorization issue vulnerability | Search Guard | CWE-285 | 6.5 | - | 2019-08-13 |
| CVE-2019-13419 | floragunn Search Guard information disclosure vulnerability | Search Guard | CWE-311 | 7.5 | - | 2019-08-13 |
| CVE-2019-13420 | floragunn Search Guard information disclosure vulnerability | Search Guard | CWE-208 | 5.9 | - | 2019-08-13 |
| CVE-2019-13418 | floragunn Search Guard input validation error vulnerability | Search Guard | CWE-311 | 7.5 | - | 2019-08-12 |
| CVE-2019-13417 | floragunn Search Guard information disclosure vulnerability | Search Guard | CWE-863 | 5.3 | - | 2019-08-12 |

This page lists every published CVE security advisory associated with floragunn. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.