Logstash
This hub aggregates every CVE we track for Logstash, a product in the databases space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 45
- Critical: 3
- High: 22
- In CISA KEV: 0
Severity distribution
HIGH 22, MEDIUM 18, CRITICAL 3, LOW 2
Monthly trend (chart, 2024-07 to 2026-06)
Latest CVEs
The 15 most recently published vulnerabilities affecting Logstash.
- CVE-2026-33466: Improper Limitation of a Pathname to a Restricted Directory in Logstash Leading to Arbitrary File Write (8.1)
- CVE-2025-37730: Logstash Improper Certificate Validation in TCP output (6.5)
- CVE-2022-46337: Apache Derby: LDAP injection vulnerability in authenticator (9.8)
- CVE-2023-46672: Logstash Insertion of Sensitive Information into Log File (8.4)
- CVE-2023-39410: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK (7.5)
- CVE-2022-4245: Codehaus-plexus: xml external entity (xxe) injection (4.3)
- CVE-2022-4244: Codehaus-plexus: directory traversal (7.5)
- CVE-2023-33201: Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certif... (5.3)
- CVE-2023-34455: snappy-java's unchecked chunk length leads to DoS (7.5)
- CVE-2023-34454: snappy-java's Integer Overflow vulnerability in compress leads to DoS (5.9)
- CVE-2023-34453: snappy-java's Integer Overflow vulnerability in shuffle leads to DoS (5.9)
- CVE-2023-2976: Use of temporary directory for file creation in `FileBackedOutputStream` in Guava (5.5)
- CVE-2022-47318: ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the prod... (8.0)
- CVE-2022-46648: ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the prod... (8.0)
- CVE-2022-1471: Remote Code execution in SnakeYAML (8.3)
Product normalization is registry-driven with AI assist and human review.