Opensearch Project
Recent CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-31115 | | High | 0.50 | 8.8 | 0.01 | | Jun 30, 2022 | opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the ruby `YAML.load` function was used instead of `YAML.safe_load`. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the… |
| CVE-2024-55886 | | Medium | 0.45 | 6.9 | 0.00 | | Dec 12, 2024 | OpenSearch Data Prepper is a component of the OpenSearch project that accepts, filters, transforms, enriches, and routes data at scale. A vulnerability exists in the OpenTelemetry Logs source in Data Prepper starting in version 2.1.0 and prior to version 2.10.2 where some custom… |
| CVE-2024-54160 | | Medium | 0.35 | 6.4 | 0.01 | | Feb 12, 2025 | dashboards-reporting (aka Dashboards Reports) before 2.19.0.0, as shipped in OpenSearch before 2.19, allows XSS because Markdown is not sanitized when previewing a header or footer. |
| CVE-2020-8954 | | Medium | 0.35 | 5.4 | 0.01 | | Jun 8, 2020 | OpenSearch Web browser 1.0.4.9 allows Intent Scheme Hijacking. [a link that opens another app in the browser can be manipulated] |
| CVE-2024-43794 | | Medium | 0.33 | 6.1 | 0.00 | | Aug 23, 2024 | OpenSearch Dashboards Security Plugin adds a configuration management UI for the OpenSearch Security features to OpenSearch Dashboards. Improper validation of the nextUrl parameter can lead to external redirect on login to OpenSearch-Dashboards for specially crafted parameters.… |
| CVE-2023-23933 | | Medium | 0.28 | 4.3 | 0.01 | | Feb 3, 2023 | OpenSearch Anomaly Detection identifies atypical data and receives automatic notifications. There is an issue with the application of document and field level restrictions in the Anomaly Detection plugin, where users with the Anomaly Detector role can read aggregated numerical… |
| CVE-2025-9624 | | | 0.00 | — | 0.00 | | Nov 25, 2025 | A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex query_string inputs. This issue affects all OpenSearch versions between 3.0.0 and < 3.3.0 and OpenSearch < 2.19.4. |
| CVE-2022-41917 | | Medium | 0.00 | 4.3 | 0.01 | | Nov 16, 2022 | OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. OpenSearch allows users to specify a local file when defining text analyzers to process data for text analysis. An issue in the implementation of this feature allows certain specially crafted queries… |
| CVE-2022-41906 | | High | 0.00 | 8.7 | 0.01 | | Nov 11, 2022 | OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc channels. A potential SSRF issue in OpenSearch Notifications Plugin starting in 2.0.0 and prior to 2.2.1 could… |
| CVE-2021-44833 | | Critical | 0.00 | 9.8 | 0.02 | | Dec 12, 2021 | The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the configuration file. |