opensearch-project — Vulnerabilities & Security Advisories (16)

Browse all 16 CVE security advisories affecting opensearch-project. AI-powered Chinese analysis, POCs, and references for each vulnerability.

OpenSearch serves as a distributed search and analytics engine for log management, monitoring, and observability use cases. Historically, the project has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and authentication flaws. While no major public security incidents have been widely documented, the 16 recorded CVEs highlight ongoing security considerations. The project maintains security through regular updates and a vulnerability disclosure program, though deployments should implement proper access controls and network segmentation to mitigate risks associated with exposed interfaces and default configurations.

| CVE ID | Title | Component | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-62371 | OpenSearch Data Prepper plugins trusts all SSL certificates by default | data-prepper | CWE-295 | 7.4 | High | 2025-10-15 |
| CVE-2024-55886 | OpenTelemetry Logs source may lack authentication with some custom plugins | data-prepper | CWE-287 | 6.9 | Medium | 2024-12-12 |
| CVE-2024-43794 | OpenSearch Dashboards Security Plugin improper validation of nextUrl can lead to external redirect | security-dashboards-plugin | CWE-601 | 6.1 | Medium | 2024-08-23 |
| CVE-2024-39900 | OpenSearch Dashboards Reports does not properly restrict access to private tenant resources | reporting | CWE-639 | 5.4 | Medium | 2024-07-09 |
| CVE-2024-39901 | OpenSearch Observability does not properly restrict access to private tenant resources | observability | CWE-639 | 4.2 | Medium | 2024-07-09 |
| CVE-2023-45807 | OpenSearch Issue with tenant read-only permissions | security | CWE-281 | 5.4 | Medium | 2023-10-16 |
| CVE-2023-31141 | OpenSearch issue with fine-grained access control during extremely rare race conditions | security | CWE-863 | 4.8 | Medium | 2023-05-08 |
| CVE-2023-25806 | Time discrepancy in authentication responses in OpenSearch | security | CWE-208 | 5.3 | - | 2023-03-02 |
| CVE-2023-23933 | Issue in Anomaly Detection with document and field level rules in numerical feature aggregations | anomaly-detection | CWE-125 | 4.3 | - | 2023-02-03 |
| CVE-2023-23612 | Issue with whitespace in JWT roles in OpenSearch | security | CWE-287 | 4.7 | Medium | 2023-01-24 |
| CVE-2023-23613 | Field-level security issue with .keyword fields in OpenSearch | security | CWE-200 | 5.7 | Medium | 2023-01-24 |
| CVE-2022-41917 | Incorrect Error Handling Allowed Partial File Reads Over REST API in OpenSearch | OpenSearch | CWE-200 | 4.3 | Medium | 2022-11-15 |
| CVE-2022-41918 | Issue with fine-grained access control of indices backing data streams | security | CWE-863 | 6.3 | Medium | 2022-11-15 |
| CVE-2022-41906 | OpenSearch Notifications is vulnerable to Server-Side Request Forgery (SSRF) | notifications | CWE-918 | 8.7 | - | 2022-11-11 |
| CVE-2022-35980 | OpenSearch vulnerable to Improper Authorization of Index Containing Sensitive Information | security | CWE-612 | 7.5 | High | 2022-08-12 |
| CVE-2022-31115 | Unsafe YAML deserialization in opensearch-ruby | opensearch-ruby | CWE-502 | 8.8 | High | 2022-06-30 |

This page lists every published CVE security advisory associated with opensearch-project. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.