Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.elasticsearch/elasticsearch@7.0.1
Typemaven
Namespaceorg.elasticsearch
Nameelasticsearch
Version7.0.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version8.19.8
Latest_non_vulnerable_version9.2.2
Affected_by_vulnerabilities
0
url VCID-2yar-hh4a-fqaz
vulnerability_id VCID-2yar-hh4a-fqaz
summary elasticsearch: Elasticsearch allocation of resources without limits or throttling leads to crash
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43709.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43709.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-43709
reference_id
reference_type
scores
0
value 0.00944
scoring_system epss
scoring_elements 0.76606
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-43709
2
reference_url https://discuss.elastic.co/t/elasticsearch-7-17-21-and-8-13-3-security-update-esa-2024-25/373442
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-21T16:27:32Z/
url https://discuss.elastic.co/t/elasticsearch-7-17-21-and-8-13-3-security-update-esa-2024-25/373442
3
reference_url https://github.com/elastic/elasticsearch
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-43709
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-43709
5
reference_url https://security.netapp.com/advisory/ntap-20250221-0007
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250221-0007
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2339113
reference_id 2339113
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2339113
7
reference_url https://github.com/advisories/GHSA-jgx4-7v3v-vwfm
reference_id GHSA-jgx4-7v3v-vwfm
reference_type
scores
url https://github.com/advisories/GHSA-jgx4-7v3v-vwfm
fixed_packages
0
url pkg:maven/org.elasticsearch/elasticsearch@7.17.21
purl pkg:maven/org.elasticsearch/elasticsearch@7.17.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3va6-b7py-93ft
1
vulnerability VCID-dmrq-r4ss-cyct
2
vulnerability VCID-sd8w-dc9x-b7b1
3
vulnerability VCID-w2as-dgbs-2fge
4
vulnerability VCID-xfry-13cr-vqgs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@7.17.21
1
url pkg:maven/org.elasticsearch/elasticsearch@8.13.3
purl pkg:maven/org.elasticsearch/elasticsearch@8.13.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3va6-b7py-93ft
1
vulnerability VCID-92n7-s146-ybg8
2
vulnerability VCID-dmrq-r4ss-cyct
3
vulnerability VCID-sd8w-dc9x-b7b1
4
vulnerability VCID-w2as-dgbs-2fge
5
vulnerability VCID-xfry-13cr-vqgs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.13.3
aliases CVE-2024-43709, GHSA-jgx4-7v3v-vwfm
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2yar-hh4a-fqaz
1
url VCID-4nvw-1sb9-9ygp
vulnerability_id VCID-4nvw-1sb9-9ygp
summary elasticsearch: Race condition in response headers on systems with multiple submitting requests
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7614.json
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7614.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-7614
reference_id
reference_type
scores
0
value 0.00385
scoring_system epss
scoring_elements 0.59968
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-7614
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/elastic/elasticsearch
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-7614
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-7614
5
reference_url https://www.elastic.co/community/security
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.elastic.co/community/security
6
reference_url https://www.elastic.co/community/security/
reference_id
reference_type
scores
url https://www.elastic.co/community/security/
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1747240
reference_id 1747240
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1747240
8
reference_url https://github.com/advisories/GHSA-jqm6-m3j3-8gg9
reference_id GHSA-jqm6-m3j3-8gg9
reference_type
scores
url https://github.com/advisories/GHSA-jqm6-m3j3-8gg9
fixed_packages
0
url pkg:maven/org.elasticsearch/elasticsearch@7.2.1
purl pkg:maven/org.elasticsearch/elasticsearch@7.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yar-hh4a-fqaz
1
vulnerability VCID-5m48-t49k-nyd6
2
vulnerability VCID-6fyf-u9a9-1qab
3
vulnerability VCID-6y77-df97-pbb3
4
vulnerability VCID-byzs-e6sw-zfg7
5
vulnerability VCID-d1ud-f7a3-dkhm
6
vulnerability VCID-dkhv-3tsr-uff8
7
vulnerability VCID-dmrq-r4ss-cyct
8
vulnerability VCID-hrnd-zjrc-s7ec
9
vulnerability VCID-pu3f-cqps-sba4
10
vulnerability VCID-q597-e9pv-nyas
11
vulnerability VCID-tyqz-mbqd-t7gh
12
vulnerability VCID-w2as-dgbs-2fge
13
vulnerability VCID-w2pw-tvhv-sydr
14
vulnerability VCID-xfry-13cr-vqgs
15
vulnerability VCID-yw3x-sckd-fyge
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@7.2.1
aliases CVE-2019-7614, GHSA-jqm6-m3j3-8gg9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4nvw-1sb9-9ygp
2
url VCID-5m48-t49k-nyd6
vulnerability_id VCID-5m48-t49k-nyd6
summary elasticsearch: scrolling search can leak fields that should be hidden allowing access restriction bypass
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7019.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7019.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7019
reference_id
reference_type
scores
0
value 0.00176
scoring_system epss
scoring_elements 0.38852
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7019
2
reference_url https://discuss.elastic.co/t/elastic-stack-7-9-0-and-6-8-12-security-update/245456
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://discuss.elastic.co/t/elastic-stack-7-9-0-and-6-8-12-security-update/245456
3
reference_url https://github.com/elastic/elasticsearch
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7019
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7019
5
reference_url https://security.netapp.com/advisory/ntap-20200827-0001
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200827-0001
6
reference_url https://security.netapp.com/advisory/ntap-20200827-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200827-0001/
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1870346
reference_id 1870346
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1870346
8
reference_url https://github.com/advisories/GHSA-c77j-p484-h84m
reference_id GHSA-c77j-p484-h84m
reference_type
scores
url https://github.com/advisories/GHSA-c77j-p484-h84m
fixed_packages
0
url pkg:maven/org.elasticsearch/elasticsearch@7.9.0
purl pkg:maven/org.elasticsearch/elasticsearch@7.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yar-hh4a-fqaz
1
vulnerability VCID-6fyf-u9a9-1qab
2
vulnerability VCID-8ubu-bjc1-dbax
3
vulnerability VCID-byzs-e6sw-zfg7
4
vulnerability VCID-d1ud-f7a3-dkhm
5
vulnerability VCID-d5e6-zdqk-fbbe
6
vulnerability VCID-dmrq-r4ss-cyct
7
vulnerability VCID-hrnd-zjrc-s7ec
8
vulnerability VCID-pu3f-cqps-sba4
9
vulnerability VCID-tyqz-mbqd-t7gh
10
vulnerability VCID-w2as-dgbs-2fge
11
vulnerability VCID-w2pw-tvhv-sydr
12
vulnerability VCID-xfry-13cr-vqgs
13
vulnerability VCID-yw3x-sckd-fyge
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@7.9.0
aliases CVE-2020-7019, GHSA-c77j-p484-h84m
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5m48-t49k-nyd6
3
url VCID-6fyf-u9a9-1qab
vulnerability_id VCID-6fyf-u9a9-1qab
summary 
Privilege Context Switching Error in Elasticsearch
Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7020.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7020.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7020
reference_id
reference_type
scores
0
value 0.00077
scoring_system epss
scoring_elements 0.2297
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7020
2
reference_url https://discuss.elastic.co/t/elastic-stack-7-9-3-and-6-8-13-security-update/253033
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://discuss.elastic.co/t/elastic-stack-7-9-3-and-6-8-13-security-update/253033
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/elastic/elasticsearch
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7020
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7020
6
reference_url https://security.netapp.com/advisory/ntap-20201123-0001
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20201123-0001
7
reference_url https://security.netapp.com/advisory/ntap-20201123-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20201123-0001/
8
reference_url https://staging-website.elastic.co/community/security
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://staging-website.elastic.co/community/security
9
reference_url https://staging-website.elastic.co/community/security/
reference_id
reference_type
scores
url https://staging-website.elastic.co/community/security/
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1893125
reference_id 1893125
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1893125
11
reference_url https://github.com/advisories/GHSA-g9fw-9x87-rmrj
reference_id GHSA-g9fw-9x87-rmrj
reference_type
scores
url https://github.com/advisories/GHSA-g9fw-9x87-rmrj
12
reference_url https://access.redhat.com/errata/RHSA-2022:5532
reference_id RHSA-2022:5532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5532
fixed_packages
0
url pkg:maven/org.elasticsearch/elasticsearch@7.9.2
purl pkg:maven/org.elasticsearch/elasticsearch@7.9.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yar-hh4a-fqaz
1
vulnerability VCID-8ubu-bjc1-dbax
2
vulnerability VCID-byzs-e6sw-zfg7
3
vulnerability VCID-d1ud-f7a3-dkhm
4
vulnerability VCID-d5e6-zdqk-fbbe
5
vulnerability VCID-dmrq-r4ss-cyct
6
vulnerability VCID-hrnd-zjrc-s7ec
7
vulnerability VCID-pu3f-cqps-sba4
8
vulnerability VCID-tyqz-mbqd-t7gh
9
vulnerability VCID-w2as-dgbs-2fge
10
vulnerability VCID-w2pw-tvhv-sydr
11
vulnerability VCID-xfry-13cr-vqgs
12
vulnerability VCID-yw3x-sckd-fyge
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@7.9.2
aliases CVE-2020-7020, GHSA-g9fw-9x87-rmrj
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6fyf-u9a9-1qab
4
url VCID-6y77-df97-pbb3
vulnerability_id VCID-6y77-df97-pbb3
summary elasticsearch: Generating API keys with specific steps could result in generating API key with elevated privileges
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7009.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7009.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7009
reference_id
reference_type
scores
0
value 0.0043
scoring_system epss
scoring_elements 0.62799
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7009
2
reference_url https://discuss.elastic.co/t/elastic-stack-6-8-8-and-7-6-2-security-update/225920
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://discuss.elastic.co/t/elastic-stack-6-8-8-and-7-6-2-security-update/225920
3
reference_url https://github.com/elastic/elasticsearch
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7009
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7009
5
reference_url https://security.netapp.com/advisory/ntap-20200403-0004
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200403-0004
6
reference_url https://security.netapp.com/advisory/ntap-20200403-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200403-0004/
7
reference_url https://www.elastic.co/community/security
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.elastic.co/community/security
8
reference_url https://www.elastic.co/community/security/
reference_id
reference_type
scores
url https://www.elastic.co/community/security/
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1821240
reference_id 1821240
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1821240
10
reference_url https://github.com/advisories/GHSA-gfv5-grx2-9jw2
reference_id GHSA-gfv5-grx2-9jw2
reference_type
scores
url https://github.com/advisories/GHSA-gfv5-grx2-9jw2
fixed_packages
0
url pkg:maven/org.elasticsearch/elasticsearch@7.6.2
purl pkg:maven/org.elasticsearch/elasticsearch@7.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yar-hh4a-fqaz
1
vulnerability VCID-5m48-t49k-nyd6
2
vulnerability VCID-6fyf-u9a9-1qab
3
vulnerability VCID-byzs-e6sw-zfg7
4
vulnerability VCID-d1ud-f7a3-dkhm
5
vulnerability VCID-d5e6-zdqk-fbbe
6
vulnerability VCID-dmrq-r4ss-cyct
7
vulnerability VCID-hrnd-zjrc-s7ec
8
vulnerability VCID-pu3f-cqps-sba4
9
vulnerability VCID-tyqz-mbqd-t7gh
10
vulnerability VCID-w2as-dgbs-2fge
11
vulnerability VCID-w2pw-tvhv-sydr
12
vulnerability VCID-xfry-13cr-vqgs
13
vulnerability VCID-yw3x-sckd-fyge
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@7.6.2
aliases CVE-2020-7009, GHSA-gfv5-grx2-9jw2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6y77-df97-pbb3
5
url VCID-byzs-e6sw-zfg7
vulnerability_id VCID-byzs-e6sw-zfg7
summary elasticsearch: Improper Handling of Exceptional Conditions
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46673.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46673.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46673
reference_id
reference_type
scores
0
value 0.00458
scoring_system epss
scoring_elements 0.64275
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46673
2
reference_url https://discuss.elastic.co/t/elasticsearch-7-17-14-8-10-3-security-update-esa-2023-24/347708
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://discuss.elastic.co/t/elasticsearch-7-17-14-8-10-3-security-update-esa-2023-24/347708
3
reference_url https://github.com/elastic/elasticsearch
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46673
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-46673
5
reference_url https://www.elastic.co/community/security
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.elastic.co/community/security
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2251123
reference_id 2251123
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2251123
7
reference_url https://github.com/advisories/GHSA-285m-vhfq-xx4h
reference_id GHSA-285m-vhfq-xx4h
reference_type
scores
url https://github.com/advisories/GHSA-285m-vhfq-xx4h
fixed_packages
0
url pkg:maven/org.elasticsearch/elasticsearch@7.17.14
purl pkg:maven/org.elasticsearch/elasticsearch@7.17.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yar-hh4a-fqaz
1
vulnerability VCID-3va6-b7py-93ft
2
vulnerability VCID-dmrq-r4ss-cyct
3
vulnerability VCID-sd8w-dc9x-b7b1
4
vulnerability VCID-tyqz-mbqd-t7gh
5
vulnerability VCID-w2as-dgbs-2fge
6
vulnerability VCID-w2pw-tvhv-sydr
7
vulnerability VCID-xfry-13cr-vqgs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@7.17.14
1
url pkg:maven/org.elasticsearch/elasticsearch@8.10.3
purl pkg:maven/org.elasticsearch/elasticsearch@8.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yar-hh4a-fqaz
1
vulnerability VCID-3va6-b7py-93ft
2
vulnerability VCID-dmrq-r4ss-cyct
3
vulnerability VCID-hjwp-hg1f-8fe6
4
vulnerability VCID-q6wg-ab5h-7qbh
5
vulnerability VCID-sd8w-dc9x-b7b1
6
vulnerability VCID-tyqz-mbqd-t7gh
7
vulnerability VCID-w2as-dgbs-2fge
8
vulnerability VCID-w2pw-tvhv-sydr
9
vulnerability VCID-xfry-13cr-vqgs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.10.3
aliases CVE-2023-46673, GHSA-285m-vhfq-xx4h
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-byzs-e6sw-zfg7
6
url VCID-d1ud-f7a3-dkhm
vulnerability_id VCID-d1ud-f7a3-dkhm
summary 
Elasticsearch allows insertion of sensitive information into log files when using deprecated URIs
Elasticsearch generally filters out sensitive information and credentials before logging to the audit log. It was found that this filtering was not applied when requests to Elasticsearch use certain deprecated URIs for APIs. The impact of this flaw is that sensitive information such as passwords and tokens might be printed in cleartext in Elasticsearch audit logs. Note that audit logging is disabled by default and needs to be explicitly enabled and even when audit logging is enabled, request bodies that could contain sensitive information are not printed to the audit log unless explicitly configured.

The `_xpack/security` APIs have been deprecated in Elasticsearch 7.x and were entirely removed in 8.0.0 and later. The only way for a client to use them in Elasticsearch 8.0.0 and later is to provide the `Accept: application/json; compatible-with=7` header. Elasticsearch official clients do not use these deprecated APIs.

The list of affected, deprecated APIs, is the following:

`POST /_xpack/security/user/{username}`
`PUT /_xpack/security/user/{username}`
`PUT /_xpack/security/user/{username}/_password`
`POST /_xpack/security/user/{username}/_password`
`PUT /_xpack/security/user/_password`
`POST /_xpack/security/user/_password`
`POST /_xpack/security/oauth2/token`
`DELETE /_xpack/security/oauth2/token`
`POST /_xpack/security/saml/authenticate`
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31417.json
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31417.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-31417
reference_id
reference_type
scores
0
value 0.0006
scoring_system epss
scoring_elements 0.18913
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-31417
2
reference_url https://discuss.elastic.co/t/elasticsearch-8-9-2-and-7-17-13-security-update/342479
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://discuss.elastic.co/t/elasticsearch-8-9-2-and-7-17-13-security-update/342479
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-31417
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-31417
4
reference_url https://security.netapp.com/advisory/ntap-20231130-0006
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231130-0006
5
reference_url https://www.elastic.co/community/security
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.elastic.co/community/security
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2237927
reference_id 2237927
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2237927
7
reference_url https://github.com/advisories/GHSA-99pc-69q9-jxf2
reference_id GHSA-99pc-69q9-jxf2
reference_type
scores
url https://github.com/advisories/GHSA-99pc-69q9-jxf2
fixed_packages
0
url pkg:maven/org.elasticsearch/elasticsearch@7.17.13
purl pkg:maven/org.elasticsearch/elasticsearch@7.17.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yar-hh4a-fqaz
1
vulnerability VCID-3va6-b7py-93ft
2
vulnerability VCID-byzs-e6sw-zfg7
3
vulnerability VCID-dmrq-r4ss-cyct
4
vulnerability VCID-sd8w-dc9x-b7b1
5
vulnerability VCID-tyqz-mbqd-t7gh
6
vulnerability VCID-w2as-dgbs-2fge
7
vulnerability VCID-w2pw-tvhv-sydr
8
vulnerability VCID-xfry-13cr-vqgs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@7.17.13
1
url pkg:maven/org.elasticsearch/elasticsearch@8.9.2
purl pkg:maven/org.elasticsearch/elasticsearch@8.9.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yar-hh4a-fqaz
1
vulnerability VCID-3va6-b7py-93ft
2
vulnerability VCID-byzs-e6sw-zfg7
3
vulnerability VCID-dmrq-r4ss-cyct
4
vulnerability VCID-hjwp-hg1f-8fe6
5
vulnerability VCID-sd8w-dc9x-b7b1
6
vulnerability VCID-tyqz-mbqd-t7gh
7
vulnerability VCID-w2as-dgbs-2fge
8
vulnerability VCID-w2pw-tvhv-sydr
9
vulnerability VCID-xfry-13cr-vqgs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.9.2
aliases CVE-2023-31417, GHSA-99pc-69q9-jxf2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d1ud-f7a3-dkhm
7
url VCID-dkhv-3tsr-uff8
vulnerability_id VCID-dkhv-3tsr-uff8
summary elasticsearch: Username disclosure in API Key service
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7619.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7619.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-7619
reference_id
reference_type
scores
0
value 0.02399
scoring_system epss
scoring_elements 0.85309
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-7619
2
reference_url https://discuss.elastic.co/t/elastic-stack-6-8-4-security-update/204908
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://discuss.elastic.co/t/elastic-stack-6-8-4-security-update/204908
3
reference_url https://discuss.elastic.co/t/elastic-stack-7-4-0-security-update/201831
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://discuss.elastic.co/t/elastic-stack-7-4-0-security-update/201831
4
reference_url https://github.com/elastic/elasticsearch
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-7619
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-7619
6
reference_url https://www.elastic.co/community/security
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.elastic.co/community/security
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1764751
reference_id 1764751
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1764751
8
reference_url https://github.com/advisories/GHSA-hxp8-r9g3-grfr
reference_id GHSA-hxp8-r9g3-grfr
reference_type
scores
url https://github.com/advisories/GHSA-hxp8-r9g3-grfr
fixed_packages
0
url pkg:maven/org.elasticsearch/elasticsearch@7.4.0
purl pkg:maven/org.elasticsearch/elasticsearch@7.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yar-hh4a-fqaz
1
vulnerability VCID-5m48-t49k-nyd6
2
vulnerability VCID-6fyf-u9a9-1qab
3
vulnerability VCID-6y77-df97-pbb3
4
vulnerability VCID-byzs-e6sw-zfg7
5
vulnerability VCID-d1ud-f7a3-dkhm
6
vulnerability VCID-dmrq-r4ss-cyct
7
vulnerability VCID-hrnd-zjrc-s7ec
8
vulnerability VCID-pu3f-cqps-sba4
9
vulnerability VCID-q597-e9pv-nyas
10
vulnerability VCID-tyqz-mbqd-t7gh
11
vulnerability VCID-w2as-dgbs-2fge
12
vulnerability VCID-w2pw-tvhv-sydr
13
vulnerability VCID-xfry-13cr-vqgs
14
vulnerability VCID-yw3x-sckd-fyge
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@7.4.0
aliases CVE-2019-7619, GHSA-hxp8-r9g3-grfr
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dkhv-3tsr-uff8
8
url VCID-dmrq-r4ss-cyct
vulnerability_id VCID-dmrq-r4ss-cyct
summary elasticsearch: Elasticsearch Uncontrolled Resource Consumption vulnerability
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52979.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52979.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52979
reference_id
reference_type
scores
0
value 0.00197
scoring_system epss
scoring_elements 0.41522
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52979
2
reference_url https://discuss.elastic.co/t/elasticsearch-7-17-25-and-8-16-0-security-update-esa-2024-40/377709
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T13:25:38Z/
url https://discuss.elastic.co/t/elasticsearch-7-17-25-and-8-16-0-security-update-esa-2024-40/377709
3
reference_url https://github.com/elastic/elasticsearch
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch
4
reference_url https://github.com/elastic/elasticsearch/commit/cbde7f456d7ccd98556302fccf3238bb4557fc91
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch/commit/cbde7f456d7ccd98556302fccf3238bb4557fc91
5
reference_url https://github.com/elastic/elasticsearch/commit/f9b6b57d1d0f76e2d14291c04fb50abeb642cfbf
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch/commit/f9b6b57d1d0f76e2d14291c04fb50abeb642cfbf
6
reference_url https://github.com/elastic/elasticsearch/pull/114002
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch/pull/114002
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52979
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52979
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2363312
reference_id 2363312
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2363312
9
reference_url https://github.com/advisories/GHSA-mm3m-5497-xggg
reference_id GHSA-mm3m-5497-xggg
reference_type
scores
url https://github.com/advisories/GHSA-mm3m-5497-xggg
fixed_packages
0
url pkg:maven/org.elasticsearch/elasticsearch@7.17.25
purl pkg:maven/org.elasticsearch/elasticsearch@7.17.25
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3va6-b7py-93ft
1
vulnerability VCID-w2as-dgbs-2fge
2
vulnerability VCID-xfry-13cr-vqgs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@7.17.25
1
url pkg:maven/org.elasticsearch/elasticsearch@8.16.0
purl pkg:maven/org.elasticsearch/elasticsearch@8.16.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5qnx-hvz3-ybhb
1
vulnerability VCID-w2as-dgbs-2fge
2
vulnerability VCID-xfry-13cr-vqgs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.16.0
aliases CVE-2024-52979, GHSA-mm3m-5497-xggg
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dmrq-r4ss-cyct
9
url VCID-hrnd-zjrc-s7ec
vulnerability_id VCID-hrnd-zjrc-s7ec
summary 
Elasticsearch vulnerable to stack overflow in the search API
A flaw was discovered in Elasticsearch affecting the `_search` API that allowed a specially crafted query string to cause a stack overflow and ultimately a denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31419.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31419.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-31419
reference_id
reference_type
scores
0
value 0.39212
scoring_system epss
scoring_elements 0.97354
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-31419
2
reference_url https://discuss.elastic.co/t/elasticsearch-8-9-1-7-17-13-security-update/343297
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://discuss.elastic.co/t/elasticsearch-8-9-1-7-17-13-security-update/343297
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-31419
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-31419
4
reference_url https://security.netapp.com/advisory/ntap-20231116-0010
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231116-0010
5
reference_url https://www.elastic.co/community/security
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.elastic.co/community/security
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2246940
reference_id 2246940
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2246940
7
reference_url https://github.com/advisories/GHSA-qwrx-45xf-jjf7
reference_id GHSA-qwrx-45xf-jjf7
reference_type
scores
url https://github.com/advisories/GHSA-qwrx-45xf-jjf7
fixed_packages
0
url pkg:maven/org.elasticsearch/elasticsearch@7.17.13
purl pkg:maven/org.elasticsearch/elasticsearch@7.17.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yar-hh4a-fqaz
1
vulnerability VCID-3va6-b7py-93ft
2
vulnerability VCID-byzs-e6sw-zfg7
3
vulnerability VCID-dmrq-r4ss-cyct
4
vulnerability VCID-sd8w-dc9x-b7b1
5
vulnerability VCID-tyqz-mbqd-t7gh
6
vulnerability VCID-w2as-dgbs-2fge
7
vulnerability VCID-w2pw-tvhv-sydr
8
vulnerability VCID-xfry-13cr-vqgs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@7.17.13
1
url pkg:maven/org.elasticsearch/elasticsearch@8.9.1
purl pkg:maven/org.elasticsearch/elasticsearch@8.9.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yar-hh4a-fqaz
1
vulnerability VCID-3va6-b7py-93ft
2
vulnerability VCID-byzs-e6sw-zfg7
3
vulnerability VCID-d1ud-f7a3-dkhm
4
vulnerability VCID-dmrq-r4ss-cyct
5
vulnerability VCID-hjwp-hg1f-8fe6
6
vulnerability VCID-sd8w-dc9x-b7b1
7
vulnerability VCID-tyqz-mbqd-t7gh
8
vulnerability VCID-w2as-dgbs-2fge
9
vulnerability VCID-w2pw-tvhv-sydr
10
vulnerability VCID-xfry-13cr-vqgs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.9.1
aliases CVE-2023-31419, GHSA-qwrx-45xf-jjf7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hrnd-zjrc-s7ec
10
url VCID-pu3f-cqps-sba4
vulnerability_id VCID-pu3f-cqps-sba4
summary 
Elasticsearch vulnerable to Uncontrolled Resource Consumption
An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31418.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31418.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-31418
reference_id
reference_type
scores
0
value 0.00925
scoring_system epss
scoring_elements 0.76363
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-31418
2
reference_url https://discuss.elastic.co/t/elasticsearch-8-9-0-7-17-13-security-update/343616
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://discuss.elastic.co/t/elasticsearch-8-9-0-7-17-13-security-update/343616
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-31418
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-31418
5
reference_url https://security.netapp.com/advisory/ntap-20231130-0005
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231130-0005
6
reference_url https://www.elastic.co/community/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.elastic.co/community/security
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2246938
reference_id 2246938
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2246938
8
reference_url https://github.com/advisories/GHSA-2cqf-6xv9-f22w
reference_id GHSA-2cqf-6xv9-f22w
reference_type
scores
url https://github.com/advisories/GHSA-2cqf-6xv9-f22w
fixed_packages
0
url pkg:maven/org.elasticsearch/elasticsearch@7.17.13
purl pkg:maven/org.elasticsearch/elasticsearch@7.17.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yar-hh4a-fqaz
1
vulnerability VCID-3va6-b7py-93ft
2
vulnerability VCID-byzs-e6sw-zfg7
3
vulnerability VCID-dmrq-r4ss-cyct
4
vulnerability VCID-sd8w-dc9x-b7b1
5
vulnerability VCID-tyqz-mbqd-t7gh
6
vulnerability VCID-w2as-dgbs-2fge
7
vulnerability VCID-w2pw-tvhv-sydr
8
vulnerability VCID-xfry-13cr-vqgs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@7.17.13
1
url pkg:maven/org.elasticsearch/elasticsearch@8.9.0
purl pkg:maven/org.elasticsearch/elasticsearch@8.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yar-hh4a-fqaz
1
vulnerability VCID-3va6-b7py-93ft
2
vulnerability VCID-byzs-e6sw-zfg7
3
vulnerability VCID-d1ud-f7a3-dkhm
4
vulnerability VCID-dmrq-r4ss-cyct
5
vulnerability VCID-hjwp-hg1f-8fe6
6
vulnerability VCID-hrnd-zjrc-s7ec
7
vulnerability VCID-sd8w-dc9x-b7b1
8
vulnerability VCID-tyqz-mbqd-t7gh
9
vulnerability VCID-w2as-dgbs-2fge
10
vulnerability VCID-w2pw-tvhv-sydr
11
vulnerability VCID-xfry-13cr-vqgs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.9.0
aliases CVE-2023-31418, GHSA-2cqf-6xv9-f22w
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pu3f-cqps-sba4
11
url VCID-q597-e9pv-nyas
vulnerability_id VCID-q597-e9pv-nyas
summary 
Privilege Escalation Flaw in Elasticsearch
The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7014.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7014.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7014
reference_id
reference_type
scores
0
value 0.0042
scoring_system epss
scoring_elements 0.62227
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7014
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7014
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7014
3
reference_url https://security.netapp.com/advisory/ntap-20200619-0003
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200619-0003
4
reference_url https://security.netapp.com/advisory/ntap-20200619-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200619-0003/
5
reference_url https://www.elastic.co/community/security
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.elastic.co/community/security
6
reference_url https://www.elastic.co/community/security/
reference_id
reference_type
scores
url https://www.elastic.co/community/security/
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1849019
reference_id 1849019
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1849019
8
reference_url https://github.com/advisories/GHSA-hqqv-9x3v-mp7w
reference_id GHSA-hqqv-9x3v-mp7w
reference_type
scores
url https://github.com/advisories/GHSA-hqqv-9x3v-mp7w
fixed_packages
0
url pkg:maven/org.elasticsearch/elasticsearch@7.6.2
purl pkg:maven/org.elasticsearch/elasticsearch@7.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yar-hh4a-fqaz
1
vulnerability VCID-5m48-t49k-nyd6
2
vulnerability VCID-6fyf-u9a9-1qab
3
vulnerability VCID-byzs-e6sw-zfg7
4
vulnerability VCID-d1ud-f7a3-dkhm
5
vulnerability VCID-d5e6-zdqk-fbbe
6
vulnerability VCID-dmrq-r4ss-cyct
7
vulnerability VCID-hrnd-zjrc-s7ec
8
vulnerability VCID-pu3f-cqps-sba4
9
vulnerability VCID-tyqz-mbqd-t7gh
10
vulnerability VCID-w2as-dgbs-2fge
11
vulnerability VCID-w2pw-tvhv-sydr
12
vulnerability VCID-xfry-13cr-vqgs
13
vulnerability VCID-yw3x-sckd-fyge
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@7.6.2
aliases CVE-2020-7014, GHSA-hqqv-9x3v-mp7w
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q597-e9pv-nyas
12
url VCID-tyqz-mbqd-t7gh
vulnerability_id VCID-tyqz-mbqd-t7gh
summary 
Elasticsearch Uncontrolled Resource Consumption vulnerability
A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23450.json
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23450.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-23450
reference_id
reference_type
scores
0
value 0.01064
scoring_system epss
scoring_elements 0.77967
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-23450
2
reference_url https://discuss.elastic.co/t/elasticsearch-8-13-0-7-17-19-security-update-esa-2024-06/356314
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T01:36:22Z/
url https://discuss.elastic.co/t/elasticsearch-8-13-0-7-17-19-security-update-esa-2024-06/356314
3
reference_url https://github.com/elastic/elasticsearch
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-23450
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-23450
5
reference_url https://security.netapp.com/advisory/ntap-20240517-0010
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240517-0010
6
reference_url https://www.elastic.co/community/security
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T01:36:22Z/
url https://www.elastic.co/community/security
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2271933
reference_id 2271933
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2271933
8
reference_url https://github.com/advisories/GHSA-w5gg-2q56-6h4f
reference_id GHSA-w5gg-2q56-6h4f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w5gg-2q56-6h4f
9
reference_url https://security.netapp.com/advisory/ntap-20240517-0010/
reference_id ntap-20240517-0010
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T01:36:22Z/
url https://security.netapp.com/advisory/ntap-20240517-0010/
fixed_packages
0
url pkg:maven/org.elasticsearch/elasticsearch@7.17.19
purl pkg:maven/org.elasticsearch/elasticsearch@7.17.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yar-hh4a-fqaz
1
vulnerability VCID-3va6-b7py-93ft
2
vulnerability VCID-dmrq-r4ss-cyct
3
vulnerability VCID-sd8w-dc9x-b7b1
4
vulnerability VCID-w2as-dgbs-2fge
5
vulnerability VCID-xfry-13cr-vqgs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@7.17.19
1
url pkg:maven/org.elasticsearch/elasticsearch@8.13.0
purl pkg:maven/org.elasticsearch/elasticsearch@8.13.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yar-hh4a-fqaz
1
vulnerability VCID-3va6-b7py-93ft
2
vulnerability VCID-dmrq-r4ss-cyct
3
vulnerability VCID-sd8w-dc9x-b7b1
4
vulnerability VCID-w2as-dgbs-2fge
5
vulnerability VCID-xfry-13cr-vqgs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.13.0
aliases CVE-2024-23450, GHSA-w5gg-2q56-6h4f
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tyqz-mbqd-t7gh
13
url VCID-w2as-dgbs-2fge
vulnerability_id VCID-w2as-dgbs-2fge
summary elasticsearch: Elasticsearch: User impersonation due to improper authentication in Public Key Infrastructure (PKI) realm
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-37731.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-37731.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-37731
reference_id
reference_type
scores
0
value 0.00038
scoring_system epss
scoring_elements 0.11827
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-37731
2
reference_url https://discuss.elastic.co/t/elasticsearch-8-19-8-9-1-8-and-9-2-2-security-update-esa-2025-27/384063
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-16T04:56:03Z/
url https://discuss.elastic.co/t/elasticsearch-8-19-8-9-1-8-and-9-2-2-security-update-esa-2025-27/384063
3
reference_url https://github.com/elastic/elasticsearch
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch
4
reference_url https://github.com/elastic/elasticsearch/commit/cd97b8566bf56e628070021300784cb9cee0286f
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch/commit/cd97b8566bf56e628070021300784cb9cee0286f
5
reference_url https://github.com/elastic/elasticsearch/commit/d8a408da79f214395845d99d241e832077045983
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch/commit/d8a408da79f214395845d99d241e832077045983
6
reference_url https://github.com/elastic/elasticsearch/commit/e519fe4c51a3c887675eb7daea2f914738847f23
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch/commit/e519fe4c51a3c887675eb7daea2f914738847f23
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-37731
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-37731
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2422248
reference_id 2422248
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2422248
9
reference_url https://github.com/advisories/GHSA-m9gh-789g-q5pv
reference_id GHSA-m9gh-789g-q5pv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m9gh-789g-q5pv
fixed_packages
0
url pkg:maven/org.elasticsearch/elasticsearch@8.19.8
purl pkg:maven/org.elasticsearch/elasticsearch@8.19.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.19.8
1
url pkg:maven/org.elasticsearch/elasticsearch@9.1.8
purl pkg:maven/org.elasticsearch/elasticsearch@9.1.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@9.1.8
2
url pkg:maven/org.elasticsearch/elasticsearch@9.2.2
purl pkg:maven/org.elasticsearch/elasticsearch@9.2.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@9.2.2
aliases CVE-2025-37731, GHSA-m9gh-789g-q5pv
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w2as-dgbs-2fge
14
url VCID-w2pw-tvhv-sydr
vulnerability_id VCID-w2pw-tvhv-sydr
summary 
Elasticsearch Insertion of Sensitive Information into Log File
An issue was discovered by Elastic whereby Watcher search input logged the search query results on DEBUG log level. This could lead to raw contents of documents stored in Elasticsearch to be printed in logs. Elastic has released 8.11.2 and 7.17.16 that resolves this issue by removing this excessive logging. This issue only affects users that use Watcher and have a Watch defined that uses the search input and additionally have set the search input’s logger to DEBUG or finer, for example using: org.elasticsearch.xpack.watcher.input.search, org.elasticsearch.xpack.watcher.input, org.elasticsearch.xpack.watcher, or wider, since the loggers are hierarchical.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49921.json
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49921.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-49921
reference_id
reference_type
scores
0
value 0.00701
scoring_system epss
scoring_elements 0.72345
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-49921
2
reference_url https://discuss.elastic.co/t/elasticsearch-8-11-2-7-17-16-security-update-esa-2023-29/349179
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value 4.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-26T13:47:02Z/
url https://discuss.elastic.co/t/elasticsearch-8-11-2-7-17-16-security-update-esa-2023-29/349179
3
reference_url https://github.com/elastic/elasticsearch
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value 4.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-49921
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value 4.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-49921
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2254251
reference_id 2254251
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2254251
6
reference_url https://github.com/advisories/GHSA-2hjr-vmf3-xwvp
reference_id GHSA-2hjr-vmf3-xwvp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2hjr-vmf3-xwvp
fixed_packages
0
url pkg:maven/org.elasticsearch/elasticsearch@7.17.16
purl pkg:maven/org.elasticsearch/elasticsearch@7.17.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yar-hh4a-fqaz
1
vulnerability VCID-3va6-b7py-93ft
2
vulnerability VCID-dmrq-r4ss-cyct
3
vulnerability VCID-sd8w-dc9x-b7b1
4
vulnerability VCID-tyqz-mbqd-t7gh
5
vulnerability VCID-w2as-dgbs-2fge
6
vulnerability VCID-xfry-13cr-vqgs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@7.17.16
1
url pkg:maven/org.elasticsearch/elasticsearch@8.11.2
purl pkg:maven/org.elasticsearch/elasticsearch@8.11.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yar-hh4a-fqaz
1
vulnerability VCID-3va6-b7py-93ft
2
vulnerability VCID-dmrq-r4ss-cyct
3
vulnerability VCID-q6wg-ab5h-7qbh
4
vulnerability VCID-sd8w-dc9x-b7b1
5
vulnerability VCID-tyqz-mbqd-t7gh
6
vulnerability VCID-w2as-dgbs-2fge
7
vulnerability VCID-xfry-13cr-vqgs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.11.2
aliases CVE-2023-49921, GHSA-2hjr-vmf3-xwvp
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w2pw-tvhv-sydr
15
url VCID-xfry-13cr-vqgs
vulnerability_id VCID-xfry-13cr-vqgs
summary org.elasticsearch/elasticsearch-core: Elasticsearch Insertion of sensitive information in log file
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-37727.json
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-37727.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-37727
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05611
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-37727
2
reference_url https://discuss.elastic.co/t/elasticsearch-8-18-8-8-19-5-9-0-8-9-1-5-security-update-esa-2025-18/382453
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T16:34:28Z/
url https://discuss.elastic.co/t/elasticsearch-8-18-8-8-19-5-9-0-8-9-1-5-security-update-esa-2025-18/382453
3
reference_url https://github.com/elastic/elasticsearch
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch
4
reference_url https://github.com/elastic/elasticsearch/commit/e982eef416a5e1c2a4e94236d7d3b33b5c8d07db
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch/commit/e982eef416a5e1c2a4e94236d7d3b33b5c8d07db
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-37727
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-37727
6
reference_url https://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.8.html
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.8.html
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2403034
reference_id 2403034
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2403034
8
reference_url https://github.com/advisories/GHSA-56r7-h6mw-rcfv
reference_id GHSA-56r7-h6mw-rcfv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-56r7-h6mw-rcfv
fixed_packages
0
url pkg:maven/org.elasticsearch/elasticsearch@8.18.8
purl pkg:maven/org.elasticsearch/elasticsearch@8.18.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-w2as-dgbs-2fge
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.18.8
1
url pkg:maven/org.elasticsearch/elasticsearch@8.19.5
purl pkg:maven/org.elasticsearch/elasticsearch@8.19.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-w2as-dgbs-2fge
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.19.5
2
url pkg:maven/org.elasticsearch/elasticsearch@9.0.8
purl pkg:maven/org.elasticsearch/elasticsearch@9.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-w2as-dgbs-2fge
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@9.0.8
3
url pkg:maven/org.elasticsearch/elasticsearch@9.1.5
purl pkg:maven/org.elasticsearch/elasticsearch@9.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-w2as-dgbs-2fge
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@9.1.5
aliases CVE-2025-37727, GHSA-56r7-h6mw-rcfv
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xfry-13cr-vqgs
16
url VCID-yw3x-sckd-fyge
vulnerability_id VCID-yw3x-sckd-fyge
summary 
Denial of Service in Elasticsearch
In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22144.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22144.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22144
reference_id
reference_type
scores
0
value 0.00211
scoring_system epss
scoring_elements 0.43621
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22144
2
reference_url https://discuss.elastic.co/t/elasticsearch-7-13-3-and-6-8-17-security-update/278100
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://discuss.elastic.co/t/elasticsearch-7-13-3-and-6-8-17-security-update/278100
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-22144
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-22144
4
reference_url https://security.netapp.com/advisory/ntap-20210827-0006
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210827-0006
5
reference_url https://security.netapp.com/advisory/ntap-20210827-0006/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210827-0006/
6
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1987299
reference_id 1987299
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1987299
8
reference_url https://github.com/advisories/GHSA-3393-hvrj-w7v3
reference_id GHSA-3393-hvrj-w7v3
reference_type
scores
url https://github.com/advisories/GHSA-3393-hvrj-w7v3
fixed_packages
0
url pkg:maven/org.elasticsearch/elasticsearch@7.13.3
purl pkg:maven/org.elasticsearch/elasticsearch@7.13.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yar-hh4a-fqaz
1
vulnerability VCID-byzs-e6sw-zfg7
2
vulnerability VCID-d1ud-f7a3-dkhm
3
vulnerability VCID-dmrq-r4ss-cyct
4
vulnerability VCID-hrnd-zjrc-s7ec
5
vulnerability VCID-mbxz-rq3f-7fbj
6
vulnerability VCID-pu3f-cqps-sba4
7
vulnerability VCID-tyqz-mbqd-t7gh
8
vulnerability VCID-w2as-dgbs-2fge
9
vulnerability VCID-w2pw-tvhv-sydr
10
vulnerability VCID-xfry-13cr-vqgs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@7.13.3
aliases CVE-2021-22144, GHSA-3393-hvrj-w7v3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yw3x-sckd-fyge
17
url VCID-zyuk-v4bc-dqdf
vulnerability_id VCID-zyuk-v4bc-dqdf
summary elasticsearch: Information disclosure via audit logging with emit_request_body option enabled
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7021.json
reference_id
reference_type
scores
0
value 1.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7021.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7021
reference_id
reference_type
scores
0
value 0.00292
scoring_system epss
scoring_elements 0.52812
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7021
2
reference_url https://discuss.elastic.co/t/elastic-stack-7-11-0-and-6-8-14-security-update/263915
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://discuss.elastic.co/t/elastic-stack-7-11-0-and-6-8-14-security-update/263915
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 1.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/elastic/elasticsearch
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7021
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7021
6
reference_url https://security.netapp.com/advisory/ntap-20210319-0003
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210319-0003
7
reference_url https://security.netapp.com/advisory/ntap-20210319-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210319-0003/
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1927480
reference_id 1927480
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1927480
9
reference_url https://github.com/advisories/GHSA-cqgv-256r-m9r8
reference_id GHSA-cqgv-256r-m9r8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cqgv-256r-m9r8
fixed_packages
0
url pkg:maven/org.elasticsearch/elasticsearch@7.1.0
purl pkg:maven/org.elasticsearch/elasticsearch@7.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yar-hh4a-fqaz
1
vulnerability VCID-4nvw-1sb9-9ygp
2
vulnerability VCID-5m48-t49k-nyd6
3
vulnerability VCID-6fyf-u9a9-1qab
4
vulnerability VCID-6y77-df97-pbb3
5
vulnerability VCID-byzs-e6sw-zfg7
6
vulnerability VCID-d1ud-f7a3-dkhm
7
vulnerability VCID-dkhv-3tsr-uff8
8
vulnerability VCID-dmrq-r4ss-cyct
9
vulnerability VCID-hrnd-zjrc-s7ec
10
vulnerability VCID-pu3f-cqps-sba4
11
vulnerability VCID-q597-e9pv-nyas
12
vulnerability VCID-tyqz-mbqd-t7gh
13
vulnerability VCID-w2as-dgbs-2fge
14
vulnerability VCID-w2pw-tvhv-sydr
15
vulnerability VCID-xfry-13cr-vqgs
16
vulnerability VCID-yw3x-sckd-fyge
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@7.1.0
1
url pkg:maven/org.elasticsearch/elasticsearch@7.10.0
purl pkg:maven/org.elasticsearch/elasticsearch@7.10.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yar-hh4a-fqaz
1
vulnerability VCID-8ubu-bjc1-dbax
2
vulnerability VCID-byzs-e6sw-zfg7
3
vulnerability VCID-d1ud-f7a3-dkhm
4
vulnerability VCID-d5e6-zdqk-fbbe
5
vulnerability VCID-dmrq-r4ss-cyct
6
vulnerability VCID-hrnd-zjrc-s7ec
7
vulnerability VCID-pu3f-cqps-sba4
8
vulnerability VCID-tyqz-mbqd-t7gh
9
vulnerability VCID-w2as-dgbs-2fge
10
vulnerability VCID-w2pw-tvhv-sydr
11
vulnerability VCID-xfry-13cr-vqgs
12
vulnerability VCID-yw3x-sckd-fyge
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@7.10.0
aliases CVE-2020-7021, GHSA-cqgv-256r-m9r8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zyuk-v4bc-dqdf
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@7.0.1