📦 Elasticsearch
by Elastic
🛡️ Security Overview
⚠️ Known Vulnerabilities
CVE-2023-31418 is a denial-of-service vulnerability in Elasticsearch's HTTP layer where unauthenticated attackers can cause nodes to crash with OutOfMemory errors by sending malformed HTTP requests. T...
CVE-2022-23712 is a Denial of Service vulnerability in Elasticsearch where an unauthenticated attacker can send a specially crafted network request to forcibly shut down an Elasticsearch node. This af...
Elastic Cloud Enterprise versions have the Elasticsearch 'anonymous' user enabled by default, allowing attackers to query cluster details without authentication. While the default anonymous user has n...
This vulnerability allows authenticated Elasticsearch users with snapshot restore privileges to cause memory exhaustion and denial of service through crafted HTTP requests. It affects Elasticsearch de...
This vulnerability allows authenticated Elasticsearch users with low privileges to submit oversized user settings data, causing excessive memory allocation that leads to out-of-memory crashes and pers...
CVE-2025-37731 is an improper authentication vulnerability in Elasticsearch's PKI realm that allows user impersonation via specially crafted client certificates. Attackers with certificates signed by ...
This vulnerability allows sensitive information to be exposed in Elasticsearch log files when auditing requests to the reindex API. Attackers with access to log files could potentially extract confide...
This vulnerability in Elasticsearch allows attackers to cause a denial of service by sending specially crafted SQL queries that trigger excessive memory allocation, leading to OutOfMemoryError crashes...
This CVE allows sensitive Elasticsearch document contents to be exposed in application logs when Watcher search input is configured with DEBUG logging. Only affects Elasticsearch users who have Watche...