Org.elasticsearch:elasticsearch
This hub aggregates every CVE we track for Org.elasticsearch:elasticsearch, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
44
CVEs tracked
1
Critical
8
High
2
In CISA KEV
Severity distribution
MEDIUM34HIGH8LOW1CRITICAL1
Monthly trend
2
0
0
0
0
1
1
0
0
2
1
0
0
0
0
1
0
1
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Org.elasticsearch:elasticsearch.
- CVE-2025-37731Elasticsearch Improper Authentication6.8
- CVE-2025-37727Elasticsearch Insertion of sensitive information in log file5.7
- CVE-2024-52979Elasticsearch Uncontrolled Resource Consumption vulnerability6.5
- CVE-2024-52981An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow.4.9
- CVE-2024-52980Elasticsearch Uncontrolled Resource Consumption vulnerability6.5
- CVE-2024-43709Elasticsearch allocation of resources without limits or throttling leads to crash6.5
- CVE-2024-12539Elasticsearch Incorrect Authorization6.5
- CVE-2024-23444Elasticsearch elasticsearch-certutil csr fails to encrypt private key4.9
- CVE-2023-49921An issue was discovered by Elastic whereby Watcher search input logged the search query results on DEBUG log level. This could lead to raw contents of documents stored in Elasticsearch to be printe...5.2
- CVE-2024-37280Elasticsearch StackOverflow vulnerability4.9
- CVE-2024-23449Elasticsearch Uncaught Exception4.3
- CVE-2024-23451Elasticsearch Incorrect Authorization in the Remote Cluster Security API key based security model4.4
- CVE-2024-23450Elasticsearch Uncontrolled Resource Consumption vulnerability4.9
- CVE-2023-46673It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API. 6.5
- CVE-2023-31417Elasticsearch Insertion of sensitive information in audit logs4.1
Product normalization is registry-driven with AI assist and human review. How it works