opensearch-project Cyber Security Vulnerability Stats and Metrics

SSL Certificate Trust Vulnerability in OpenSearch Data Prepper by OpenSearch

CVE-2025-62371

Opensearch-projectData-prepper7.4HIGH

Vulnerability in OpenTelemetry Logs Source Affects Custom Authentication Plugins

CVE-2024-55886

Opensearch-projectData-prepper6.9MEDIUM

Specially Crafted Parameters Can Lead to External Redirect on Login

CVE-2024-43794

Opensearch-projectSecurity-dashboards-pl...6.1MEDIUM

Unintended Access to Private Tenant Resources in OpenSearch Dashboards Reports

CVE-2024-39900

Opensearch-projectReporting5.4MEDIUM

Unintended Access to Private Tenant Resources in OpenSearch Observability

CVE-2024-39901

Opensearch-projectObservability5.4MEDIUM

OpenSearch Issue with tenant read-only permissions

CVE-2023-45807

Opensearch-projectSecurity5.4MEDIUM

OpenSearch issue with fine-grained access control during extremely rare race conditions

CVE-2023-31141

Opensearch-projectSecurity4.8MEDIUM

Time discrepancy in authentication responses in OpenSearch

CVE-2023-25806

Opensearch-projectSecurity5.3MEDIUM

Issue in Anomaly Detection with document and field level rules in numerical feature aggregations

CVE-2023-23933

Opensearch-projectAnomaly-detection4.3MEDIUM

Issue with whitespace in JWT roles in OpenSearch

CVE-2023-23612

Opensearch-projectSecurity4.7MEDIUM

Field-level security issue with .keyword fields in OpenSearch

CVE-2023-23613

Opensearch-projectSecurity5.7MEDIUM

Incorrect Error Handling Allowed Partial File Reads Over REST API in OpenSearch

CVE-2022-41917

Opensearch-projectOpensearch4.3MEDIUM

Issue with fine-grained access control of indices backing data streams

CVE-2022-41918

Opensearch-projectSecurity6.3MEDIUM

OpenSearch Notifications is vulnerable to Server-Side Request Forgery (SSRF)

CVE-2022-41906

Opensearch-projectNotifications7.7HIGH

OpenSearch vulnerable to Improper Authorization of Index Containing Sensitive Information

CVE-2022-35980

Opensearch-projectSecurity7.5HIGH

Unsafe YAML deserialization in opensearch-ruby

CVE-2022-31115

Opensearch-projectOpensearch-ruby8.8HIGH

opensearch-project Summary

Vulnerability Published:

Sort By:

15 October 2025

SSL Certificate Trust Vulnerability in OpenSearch Data Prepper by OpenSearch

12 December 2024

Vulnerability in OpenTelemetry Logs Source Affects Custom Authentication Plugins

23 August 2024

Specially Crafted Parameters Can Lead to External Redirect on Login

9 July 2024

Unintended Access to Private Tenant Resources in OpenSearch Dashboards Reports

Unintended Access to Private Tenant Resources in OpenSearch Observability

16 October 2023

OpenSearch Issue with tenant read-only permissions

8 May 2023

OpenSearch issue with fine-grained access control during extremely rare race conditions

2 March 2023

Time discrepancy in authentication responses in OpenSearch

3 February 2023

Issue in Anomaly Detection with document and field level rules in numerical feature aggregations

26 January 2023

Issue with whitespace in JWT roles in OpenSearch

Field-level security issue with .keyword fields in OpenSearch

15 November 2022

Incorrect Error Handling Allowed Partial File Reads Over REST API in OpenSearch

Issue with fine-grained access control of indices backing data streams

11 November 2022

OpenSearch Notifications is vulnerable to Server-Side Request Forgery (SSRF)

12 August 2022

OpenSearch vulnerable to Improper Authorization of Index Containing Sensitive Information

30 June 2022

Unsafe YAML deserialization in opensearch-ruby