VYPR
Vendor: Opensearch Project

Products: 6
CVEs: 10
Across products: 11
Status: Private

Recent CVEs (10)

  • CVE-2022-31115 | High | Jun 30, 2022
    risk 0.50 | cvss 8.8 | epss 0.01

    opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the ruby `YAML.load` function was used instead of `YAML.safe_load`. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the…

  • CVE-2024-55886 | Medium | Dec 12, 2024
    risk 0.45 | cvss 6.9 | epss 0.00

    OpenSearch Data Prepper is a component of the OpenSearch project that accepts, filters, transforms, enriches, and routes data at scale. A vulnerability exists in the OpenTelemetry Logs source in Data Prepper starting in version 2.1.0 and prior to version 2.10.2 where some custom…

  • CVE-2024-54160 | Medium | Feb 12, 2025
    risk 0.35 | cvss 6.4 | epss 0.01

    dashboards-reporting (aka Dashboards Reports) before 2.19.0.0, as shipped in OpenSearch before 2.19, allows XSS because Markdown is not sanitized when previewing a header or footer.

  • CVE-2020-8954 | Medium | Jun 8, 2020
    risk 0.35 | cvss 5.4 | epss 0.01

    OpenSearch Web browser 1.0.4.9 allows Intent Scheme Hijacking. [a link that opens another app in the browser can be manipulated]

  • CVE-2024-43794 | Medium | Aug 23, 2024
    risk 0.33 | cvss 6.1 | epss 0.00

    OpenSearch Dashboards Security Plugin adds a configuration management UI for the OpenSearch Security features to OpenSearch Dashboards. Improper validation of the nextUrl parameter can lead to external redirect on login to OpenSearch-Dashboards for specially crafted parameters.…

  • CVE-2023-23933 | Medium | Feb 3, 2023
    risk 0.28 | cvss 4.3 | epss 0.01

    OpenSearch Anomaly Detection identifies atypical data and receives automatic notifications. There is an issue with the application of document and field level restrictions in the Anomaly Detection plugin, where users with the Anomaly Detector role can read aggregated numerical…

  • CVE-2025-9624 | Nov 25, 2025
    risk 0.00 | cvss - | epss 0.00

    A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex query_string inputs. This issue affects all OpenSearch versions between 3.0.0 and < 3.3.0 and OpenSearch < 2.19.4.

  • CVE-2022-41917 | Medium | Nov 16, 2022
    risk 0.00 | cvss 4.3 | epss 0.01

    OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. OpenSearch allows users to specify a local file when defining text analyzers to process data for text analysis. An issue in the implementation of this feature allows certain specially crafted queries…

  • CVE-2022-41906 | High | Nov 11, 2022
    risk 0.00 | cvss 8.7 | epss 0.01

    OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc channels. A potential SSRF issue in OpenSearch Notifications Plugin starting in 2.0.0 and prior to 2.2.1 could…

  • CVE-2021-44833 | Critical | Dec 12, 2021
    risk 0.00 | cvss 9.8 | epss 0.02

    The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the configuration file.