
open-telemetry — Vulnerabilities & Security Advisories (24)

Browse all 24 CVE security advisories affecting open-telemetry. AI-powered Chinese analysis, POCs, and references for each vulnerability.

OpenTelemetry serves as a vendor-agnostic framework for generating, collecting, and exporting telemetry data, primarily supporting observability in cloud-native environments. Despite its utility in monitoring system performance, the project has recorded twenty-one Common Vulnerabilities and Exposures (CVEs), reflecting inherent risks in complex distributed systems. Historically, these security issues have predominantly stemmed from improper input validation, leading to remote code execution and cross-site scripting vulnerabilities, alongside occasional privilege escalation flaws arising from insufficient access controls. While no single catastrophic incident has defined the project’s history, the accumulation of these defects highlights the challenges of maintaining security in open-source infrastructure tools. Developers must rigorously audit dependencies and enforce strict input sanitization to mitigate these persistent threats, ensuring that the widespread adoption of telemetry does not inadvertently expand the attack surface for critical enterprise applications.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-43810 | opentelemetry-instrumentation Denial of Service vulnerability due to unbound cardinality metrics — opentelemetry-python-contrib (CWE-400) | 7.5 | High | 2023-10-06 |

This page lists every published CVE security advisory associated with open-telemetry. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.