Browse all 16 CVE security advisories affecting opensearch-project. AI-powered Chinese analysis, POCs, and references for each vulnerability.
OpenSearch serves as a distributed search and analytics engine for log management, monitoring, and observability use cases. Historically, the project has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and authentication flaws. While no major public security incidents have been widely documented, the 16 recorded CVEs highlight ongoing security considerations. The project maintains security through regular updates and a vulnerability disclosure program, though deployments should implement proper access controls and network segmentation to mitigate risks associated with exposed interfaces and default configurations.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-62371 | OpenSearch Data Prepper plugins trusts all SSL certificates by default — data-prepper, CWE-295 | 7.4 | High | 2025-10-15 |
| CVE-2024-55886 | OpenTelemetry Logs source may lack authentication with some custom plugins — data-prepper, CWE-287 | 6.9 | Medium | 2024-12-12 |

This page lists every published CVE security advisory associated with opensearch-project. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.