VYPR

Opensearch

by Opensearch Project

Source repositories

CVEs (6)

  • CVE-2022-31115HigJun 30, 2022
    risk 0.50cvss 8.8epss 0.01

    opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the ruby `YAML.load` function was used instead of `YAML.safe_load`. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the…

  • CVE-2024-55886MedDec 12, 2024
    risk 0.45cvss 6.9epss 0.00

    OpenSearch Data Prepper is a component of the OpenSearch project that accepts, filters, transforms, enriches, and routes data at scale. A vulnerability exists in the OpenTelemetry Logs source in Data Prepper starting inversion 2.1.0 and prior to version 2.10.2 where some custom…

  • CVE-2020-8954MedJun 8, 2020
    risk 0.35cvss 5.4epss 0.01

    OpenSearch Web browser 1.0.4.9 allows Intent Scheme Hijacking.[a link that opens another app in the browser can be manipulated]

  • CVE-2025-9624Nov 25, 2025
    risk 0.00cvss epss 0.00

    A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex query_string inputs. This issue affects all OpenSearch versions between 3.0.0 and < 3.3.0 and OpenSearch < 2.19.4.

  • CVE-2022-41917MedNov 16, 2022
    risk 0.00cvss 4.3epss 0.01

    OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. OpenSearch allows users to specify a local file when defining text analyzers to process data for text analysis. An issue in the implementation of this feature allows certain specially crafted queries…

  • CVE-2021-44833CriDec 12, 2021
    risk 0.00cvss 9.8epss 0.02

    The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the configuration file.