Elasticsearch

This hub aggregates every CVE we track for Elasticsearch, a product in the databases space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Elasticsearch.

• CVE-2025-68390Elasticsearch Allocation of Resources Without Limits or Throttling4.9Dec 18, 2025
• CVE-2025-68384Elasticsearch Allocation of Resources Without Limits or Throttling6.5Dec 18, 2025
• CVE-2025-37731Elasticsearch Improper Authentication6.8Dec 15, 2025
• CVE-2025-37727Elasticsearch Insertion of sensitive information in log file5.7Oct 10, 2025
• BDU:2025-05749Уязвимость поисковой системы ElasticSearch, связанная с недостаточным ограничением попыток аутентификации, позволяющая нарушителю реализовать атаку методом "грубой силы" (brute force) и повысить свои привилегии8.1May 21, 2025
• CVE-2024-52979Elasticsearch Uncontrolled Resource Consumption vulnerability6.5May 1, 2025
• CVE-2024-52981An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow.4.9Apr 8, 2025
• CVE-2024-52980Elasticsearch Uncontrolled Resource Consumption vulnerability6.5Apr 8, 2025
• CVE-2024-43709Elasticsearch allocation of resources without limits or throttling leads to crash6.5Jan 21, 2025
• CVE-2024-12539Elasticsearch Incorrect Authorization6.5Dec 17, 2024
• CVE-2024-23444Elasticsearch elasticsearch-certutil csr fails to encrypt private key4.9Jul 31, 2024
• CVE-2023-49921An issue was discovered by Elastic whereby Watcher search input logged the search query results on DEBUG log level. This could lead to raw contents of documents stored in Elasticsearch to be printe...5.2Jul 26, 2024
• CVE-2024-37280Elasticsearch StackOverflow vulnerability4.9Jun 13, 2024
• CVE-2024-23445Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions6.5Jun 12, 2024
• CVE-2024-23449Elasticsearch Uncaught Exception4.3Mar 29, 2024