opensearch-dashboards-2-fips

Direct Vulnerabilities

Known vulnerabilities in the opensearch-dashboards-2-fips package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L CVE-2026-41139	<2.19.5-r7
H Inefficient Regular Expression Complexity	<2.19.5-r7
L GHSA-jg4p-7fhp-p32p	<2.19.5-r7
L GHSA-6v7q-wjvx-w8wg	<2.19.5-r7
L GHSA-chqc-8p9q-pq6q	<2.19.5-r7
L CRLF Injection	<2.19.5-r7
L GHSA-jvff-x2qm-6286	<2.19.5-r7
L GHSA-fvcv-3m26-pcqx	<2.19.5-r7
M HTTP Response Splitting	<2.19.5-r7
C Unintended Proxy or Intermediary ('Confused Deputy')	<2.19.5-r7
L GHSA-r5fr-rjxr-66jc	<2.19.5-r7
M Directory Traversal	<2.19.5-r7
M CVE-2026-2950	<2.19.5-r7
L GHSA-92pp-h63x-v22m	<2.19.5-r7
L GHSA-wmmm-f939-6g9c	<2.19.5-r7
L Directory Traversal	<2.19.5-r7
M Incorrect Behavior Order: Validate Before Canonicalize	<2.19.5-r7
L GHSA-xpcf-pg52-r92g	<2.19.5-r7
H Directory Traversal	<2.19.5-r7
L GHSA-xf4j-xp2r-rqqx	<2.19.5-r7
L GHSA-r5rp-j6wh-rvv4	<2.19.5-r7
L GHSA-26pp-8wgv-hjvm	<2.19.5-r7
L GHSA-3p68-rc4w-qgx5	<2.19.5-r7
C CVE-2026-4800	<2.19.5-r7
L GHSA-f23m-r3pf-42rh	<2.19.5-r7
L Improper Input Validation	<2.19.5-r7
L GHSA-2g4f-4pwh-qvx6	<2.19.5-r5
L Inefficient Regular Expression Complexity	<2.19.5-r5
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<2.19.5-r4
L Improper Input Validation	<2.19.5-r5
L Arbitrary Code Injection	<2.19.5-r4
L GHSA-2qvq-rjwj-gvw9	<2.19.5-r4
L GHSA-9cx6-37pm-9jff	<2.19.5-r4
L GHSA-3v7f-55p6-f55p	<2.19.5-r4
L Loop with Unreachable Exit Condition ('Infinite Loop')	<2.19.5-r5
L GHSA-2328-f5f3-gj25	<2.19.5-r5
L CVE-2026-4923	<2.19.5-r5
L GHSA-442j-39wm-28r2	<2.19.5-r4
L Improper Check for Unusual or Exceptional Conditions	<2.19.5-r4
L GHSA-xjpj-3mr7-gcpf	<2.19.5-r4
C Improper Certificate Validation	<2.19.5-r5
H Cross-site Scripting (XSS)	<2.19.5-r4
L GHSA-27v5-c462-wpq7	<2.19.5-r5
L Arbitrary Code Injection	<2.19.5-r4
L GHSA-xhpv-hc6g-r9c6	<2.19.5-r4
L CVE-2026-4926	<2.19.5-r5
H Resource Exhaustion	<2.19.5-r5
L Inefficient Regular Expression Complexity	<2.19.5-r4
L GHSA-q67f-28xg-22rw	<2.19.5-r5
L GHSA-f886-m6hf-6m8v	<2.19.5-r5
L GHSA-5m6q-g25r-mvwx	<2.19.5-r5
L Arbitrary Code Injection	<2.19.5-r4
L GHSA-3mfm-83xf-c92r	<2.19.5-r4
L GHSA-j3q9-mxjg-w52f	<2.19.5-r5
L GHSA-7rx3-28cr-v5wh	<2.19.5-r4
L GHSA-2w6w-674q-4c4q	<2.19.5-r4
L GHSA-c2c7-rcm5-vvqj	<2.19.5-r4
L Improper Verification of Cryptographic Signature	<2.19.5-r5
L GHSA-ppp5-5v6c-4jwp	<2.19.5-r5
M Cross-site Scripting (XSS)	<2.19.5-r4
L Uncontrolled Recursion	<2.19.5-r3
L GHSA-48c2-rrv3-qjmp	<2.19.5-r3
C Improper Handling of URL Encoding (Hex Encoding)	<2.19.5-r1
L GHSA-7x6v-j9x4-qf24	<2.19.5-r1
M Improper Encoding or Escaping of Output	<2.19.5-r1
L GHSA-p6xx-57qc-3wxr	<2.19.5-r1
M Cross-site Scripting (XSS)	<2.19.5-r1
L GHSA-5pq2-9x2x-5p6w	<2.19.5-r1
L Arbitrary Code Injection	<2.19.5-r1
L GHSA-v8jm-5vwx-cfxm	<2.19.5-r1
L GHSA-wc8c-qw6v-h7f6	<2.19.5-r1
M Cross-site Scripting (XSS)	<2.19.5-r1
M Directory Traversal	<2.19.5-r1
L GHSA-q5qw-h33p-qvwr	<2.19.5-r1
L GHSA-9ppj-qmqm-q256	<2.19.5-r1
L GHSA-wfv2-pwc8-crg5	<2.19.5-r1
L Incorrect Authorization	<2.19.5-r1
L Inappropriate Comment Style	<2.19.5-r1
M Off-by-one Error	<2.19.5-r0
L GHSA-gmq8-994r-jv83	<2.19.5-r0
L GHSA-r6q2-hw4h-h46w	<2.19.5-r0
H Directory Traversal	<2.19.5-r0
L GHSA-34x7-hfp2-rc4v	<2.19.5-r0
L GHSA-qffp-2rhf-9h96	<2.19.5-r0
L GHSA-8qq5-rm4j-mr97	<2.19.5-r0
M Improper Handling of Unicode Encoding	<2.19.5-r0
M Directory Traversal	<2.19.5-r0
L Directory Traversal	<2.19.5-r0
L GHSA-83g3-92jg-28cx	<2.19.5-r0
M Directory Traversal	<2.19.5-r0
L GHSA-v8w9-8mx6-g223	<2.19.5-r1
L GHSA-v2wj-7wpq-c8vv	<2.19.5-r1
M Cross-site Scripting (XSS)	<2.19.5-r1
L GHSA-46wh-pxpv-q5gq	<2.19.4-r14
L Allocation of Resources Without Limits or Throttling	<2.19.4-r14
L GHSA-23c5-xmqv-rm74	<2.19.4-r13
L GHSA-3ppc-4f35-3m26	<2.19.4-r13
L Inefficient Regular Expression Complexity	<2.19.4-r13
L Algorithmic Complexity	<2.19.4-r13
H Inefficient Regular Expression Complexity	<2.19.4-r13
L GHSA-7r86-cg39-jmmj	<2.19.4-r13
L GHSA-5rq4-664w-9x2c	<2.19.4-r12
C Directory Traversal	<2.19.4-r12
L GHSA-378v-28hj-76wf	<2.19.4-r11
L CVE-2026-2739	<2.19.4-r11
L GHSA-6rw7-vpxm-498p	<2.19.4-r11
L CVE-2025-57352	<2.19.4-r11
L CVE-2025-15284	<2.19.4-r11
L GHSA-rx8g-88g5-qh64	<2.19.4-r11
H CVE-2026-2391	<2.19.4-r10
L GHSA-w7fw-mjwx-w883	<2.19.4-r10
H Resource Exhaustion	<2.19.4-r10
L GHSA-gq3j-xvxp-8hrf	<2.19.4-r10
L GHSA-67pg-wm7f-q7fj	<2.19.4-r10
L GHSA-p5xg-68wr-hm3m	<2.19.4-r10
L GHSA-9vjf-qc39-jprp	<2.19.4-r10
H Arbitrary Code Injection	<2.19.4-r10
L Improper Encoding or Escaping of Output	<2.19.4-r10
L GHSA-345p-7cg4-v4c7	<2.19.4-r9
L Race Condition	<2.19.4-r9
L Improper Check for Unusual or Exceptional Conditions	<2.19.4-r9
L GHSA-43fc-jf86-j433	<2.19.4-r9
L GHSA-pqxr-3g65-p328	<2.19.4-r7
M Allocation of Resources Without Limits or Throttling	<2.19.4-r7
L GHSA-vm32-vv63-w422	<2.19.4-r7
L GHSA-cjw8-79x6-5cj4	<2.19.4-r7
L GHSA-f8cm-6447-x5h2	<2.19.4-r8
M Race Condition	<2.19.4-r7
M Arbitrary Code Injection	<2.19.4-r7
H Directory Traversal	<2.19.4-r8
L Improper Encoding or Escaping of Output	<2.19.4-r7
L GHSA-95fx-jjr5-f39c	<2.19.4-r7
L GHSA-8mvj-3j78-4qmw	<2.19.4-r7
H Improper Input Validation	<2.19.4-r7
M CVE-2025-13465	<2.19.4-r6
L GHSA-xxjr-mmjv-4gpg	<2.19.4-r6
L GHSA-8r9q-7v3j-jr4g	<2.19.4-r5
H Inefficient Regular Expression Complexity	<2.19.4-r5
L GHSA-x7hr-w5r2-h6wg	<2.19.2-r4
M Cross-site Scripting (XSS)	<2.19.2-r4
L GHSA-jr5f-v2jv-69x6	<2.19.2-r4
L Allocation of Resources Without Limits or Throttling	<2.19.4-r0
M Server-Side Request Forgery (SSRF)	<2.19.2-r4
L GHSA-4hjh-wcwx-xvwj	<2.19.4-r0
L GHSA-w48q-cv73-mx4w	<2.19.4-r3
H Insecure Default Initialization of Resource	<2.19.4-r3
M Integer Overflow or Wraparound	<2.19.4-r2
L GHSA-wqch-xfxh-vrr4	<2.19.4-r2
L GHSA-65ch-62r8-g69g	<2.19.4-r2
L CVE-2025-13466	<2.19.4-r2
L CVE-2025-12816	<2.19.4-r2
H Uncontrolled Recursion	<2.19.4-r2
L GHSA-554w-wpv2-vw27	<2.19.4-r2
L GHSA-5gfm-wpxj-wjgq	<2.19.4-r2
L GHSA-mh29-5h37-fv8m	<2.19.4-r1
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<2.19.4-r1
M Link Following	<2.19.2-r4
L CVE-2025-7783	<2.19.2-r3
L Resource Exhaustion	<2.19.2-r1
H Resource Exhaustion	<2.19.1-r3
L CVE-2025-25977	<2.19.1-r2
L Inefficient Regular Expression Complexity	<2.19.1-r1
M Server-Side Request Forgery (SSRF)	<2.19.1-r0
M CVE-2025-26791	<2.19.0-r1
M Cross-site Scripting (XSS)	<2.19.0-r0
L CVE-2024-21538	<2.17.1-r1
M CVE-2024-4067	<2.17.1-r0
M Cross-site Scripting (XSS)	<2.17.1-r0
L CVE-2024-47764	<2.17.1-r0
M Inefficient Regular Expression Complexity	<2.17.1-r0
L Inefficient Regular Expression Complexity	<2.17.1-r0
L CVE-2024-38996	<2.16.0-r0
L CVE-2024-39001	<2.16.0-r0
L CVE-2024-37890	<2.15.0-r1
L CVE-2024-4068	<2.15.0-r0
L CVE-2024-28863	<2.15.0-r0
M Cross-site Request Forgery (CSRF)	<2.13.0-r0
L CVE-2024-28849	<2.13.0-r0
H Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<2.13.0-r0
M Open Redirect	<2.13.0-r0

Vulnerability

Vulnerable Version

CVE-2026-41139

<2.19.5-r7