Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

openobserve — Vulnerabilities & Security Advisories 8

Browse all 8 CVE security advisories affecting openobserve. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Openobserve is an observability platform designed for log, metric, and trace management. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, with eight CVEs documented to date. The platform's security posture has been challenged by improper input validation and insufficient access controls in its web interface. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities in its web components suggests potential risks for deployments exposed to untrusted networks. Organizations should implement strict network segmentation and timely patching to mitigate these known weaknesses.

Found 8 results / 8Clear Filters
Top products by openobserve: openobserve
CVE IDTitleCVSSSeverityPublished
CVE-2026-39361 OpenObserve has a SSRF Protection Bypass via IPv6 Bracket Notation in validate_enrichment_url — openobserveCWE-918 7.7 High2026-04-07
CVE-2025-66223 OpenObserve's Invite Token Lifecycle Misconfiguration — openobserveCWE-613 9.8 -2025-11-29
CVE-2025-64744 OpenObserve Vulnerable to HTML Injection in Organization Invitation Emails — openobserveCWE-79 3.5 Low2025-11-13
CVE-2024-55954 OpenObserve Improper Authorization Allows Admin User to Remove Root User — openobserveCWE-269 8.7 High2025-01-16
CVE-2024-41809 OpenObserve Cross-site Scripting (XSS) vulnerability in `openobserve/web/src/views/MemberSubscription.vue` — openobserveCWE-79 7.2 High2024-07-25
CVE-2024-41808 OpenObserve stored XSS vulnerability may lead to complete account takeover — openobserveCWE-79 8.8 High2024-07-25
CVE-2024-24830 OpenObserve Privilege Escalation Vulnerability in Users API — openobserveCWE-269 10.0 Critical2024-02-08
CVE-2024-25106 OpenObserve Unauthorized Access Vulnerability in Users API — openobserveCWE-284 9.1 Critical2024-02-08

This page lists every published CVE security advisory associated with openobserve. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.