Homepage

opensearch-dashboards-3-fips

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the opensearch-dashboards-3-fips package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • L
GHSA-445q-vr5w-6q77

<3.6.0-r5
  • L
GHSA-gh4j-gqv2-49f6

<3.6.0-r5
  • L
GHSA-pmwg-cvhr-8vh7

<3.6.0-r5
  • L
GHSA-xhjh-pmcv-23jw

<3.6.0-r5
  • L
GHSA-m7pr-hjqh-92cm

<3.6.0-r5
  • L
XML Injection

<3.6.0-r5
  • L
GHSA-62hf-57xw-28j9

<3.6.0-r5
  • L
GHSA-3w6x-2g7m-8v23

<3.6.0-r5
  • L
GHSA-6chq-wfr3-2hj9

<3.6.0-r5
  • L
GHSA-xx6v-rp6x-q39c

<3.6.0-r5
  • L
GHSA-vf2m-468p-8v99

<3.6.0-r5
  • L
GHSA-v2v4-37r5-5v8g

<3.6.0-r5
  • L
Cross-site Scripting (XSS)

<3.6.0-r5
  • L
GHSA-pf86-5x62-jrwf

<3.6.0-r5
  • L
GHSA-5c9x-8gcm-mpgx

<3.6.0-r5
  • L
GHSA-w9j2-pvgh-6h63

<3.6.0-r5
  • L
Cross-site Scripting (XSS)

<3.6.0-r4
  • L
GHSA-crv5-9vww-q3g8

<3.6.0-r4
  • L
GHSA-v9jr-rg53-9pgp

<3.6.0-r4
  • L
GHSA-h7mw-gpvr-xq4m

<3.6.0-r4
  • M
Cross-site Scripting (XSS)

<3.6.0-r4
  • L
GHSA-39q2-94rc-95cp

<3.6.0-r4
  • L
Cross-site Scripting (XSS)

<3.6.0-r4
  • L
GHSA-w5hq-g745-h8pq

<3.6.0-r3
  • H
Out-of-bounds Write

<3.6.0-r3
  • L
Resource Exhaustion

<3.6.0-r0
  • L
GHSA-r4q5-vmmm-2653

<3.6.0-r3
  • L
CVE-2026-5758

<3.6.0-r3
  • L
GHSA-j452-xhg8-qg39

<3.6.0-r3
  • H
Uncontrolled Recursion

<3.6.0-r5
  • L
CRLF Injection

<3.6.0-r5
  • L
Allocation of Resources Without Limits or Throttling

<3.6.0-r5
  • H
Server-Side Request Forgery (SSRF)

<3.6.0-r5
  • L
Permissive Whitelist

<3.6.0-r5
  • L
Allocation of Resources Without Limits or Throttling

<3.6.0-r5
  • L
Improper Encoding or Escaping of Output

<3.6.0-r5
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<3.6.0-r5
  • L
GHSA-q8qp-cvcw-x6jj

<3.6.0-r5
  • M
Improper Authentication

<3.6.0-r5
  • C
Permissive Whitelist

<3.6.0-r5
  • C
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<3.6.0-r5
  • L
HTTP Response Splitting

<3.6.0-r5
  • C
Improperly Controlled Modification of Dynamically-Determined Object Attributes

<3.6.0-r5
  • L
Improperly Controlled Modification of Dynamically-Determined Object Attributes

<3.5.0-r10
  • L
GHSA-rp42-5vxx-qpwr

<3.6.0-r0
  • L
GHSA-6v7q-wjvx-w8wg

<3.5.0-r10
  • L
GHSA-jg4p-7fhp-p32p

<3.5.0-r10
  • L
GHSA-3p68-rc4w-qgx5

<3.5.0-r10
  • L
GHSA-fvcv-3m26-pcqx

<3.5.0-r10
  • L
GHSA-chqc-8p9q-pq6q

<3.5.0-r10
  • M
HTTP Response Splitting

<3.5.0-r10
  • C
Unintended Proxy or Intermediary ('Confused Deputy')

<3.5.0-r10
  • H
Inefficient Regular Expression Complexity

<3.5.0-r10
  • L
CRLF Injection

<3.5.0-r10
  • L
GHSA-jvff-x2qm-6286

<3.5.0-r10
  • L
Algorithmic Complexity

<3.5.0-r9
  • M
CVE-2026-2950

<3.5.0-r9
  • H
Inefficient Regular Expression Complexity

<3.5.0-r9
  • C
CVE-2026-4800

<3.5.0-r9
  • L
GHSA-7r86-cg39-jmmj

<3.5.0-r9
  • L
GHSA-r5fr-rjxr-66jc

<3.5.0-r9
  • L
GHSA-23c5-xmqv-rm74

<3.5.0-r9
  • L
GHSA-f23m-r3pf-42rh

<3.5.0-r9
  • L
Inefficient Regular Expression Complexity

<3.5.0-r9
  • L
Inefficient Regular Expression Complexity

<3.5.0-r9
  • L
GHSA-3ppc-4f35-3m26

<3.5.0-r9
  • L
GHSA-2g4f-4pwh-qvx6

<3.5.0-r9
  • L
Arbitrary Code Injection

<3.5.0-r9
  • L
GHSA-442j-39wm-28r2

<3.5.0-r9
  • L
Arbitrary Code Injection

<3.5.0-r9
  • L
GHSA-2qvq-rjwj-gvw9

<3.5.0-r9
  • L
GHSA-xhpv-hc6g-r9c6

<3.5.0-r9
  • L
GHSA-3mfm-83xf-c92r

<3.5.0-r9
  • L
GHSA-9cx6-37pm-9jff

<3.5.0-r9
  • L
GHSA-7rx3-28cr-v5wh

<3.5.0-r9
  • L
Improper Check for Unusual or Exceptional Conditions

<3.5.0-r9
  • L
Arbitrary Code Injection

<3.5.0-r9
  • H
Cross-site Scripting (XSS)

<3.5.0-r9
  • L
GHSA-xjpj-3mr7-gcpf

<3.5.0-r9
  • M
Cross-site Scripting (XSS)

<3.5.0-r9
  • L
GHSA-2w6w-674q-4c4q

<3.5.0-r9
  • H
Resource Exhaustion

<3.5.0-r8
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<3.5.0-r8
  • L
Improper Validation of Specified Quantity in Input

<3.5.0-r8
  • L
Inefficient Regular Expression Complexity

<3.5.0-r8
  • L
GHSA-f886-m6hf-6m8v

<3.5.0-r8
  • L
GHSA-c2c7-rcm5-vvqj

<3.5.0-r8
  • L
GHSA-3v7f-55p6-f55p

<3.5.0-r8
  • L
GHSA-jp2q-39xq-3w4g

<3.5.0-r8
  • L
Uncontrolled Recursion

<3.5.0-r8
  • L
GHSA-48c2-rrv3-qjmp

<3.5.0-r8
  • M
Cross-site Scripting (XSS)

<3.5.0-r6
  • L
GHSA-7x6v-j9x4-qf24

<3.5.0-r6
  • L
GHSA-v8jm-5vwx-cfxm

<3.5.0-r6
  • L
GHSA-v2wj-7wpq-c8vv

<3.5.0-r6
  • M
Cross-site Scripting (XSS)

<3.5.0-r6
  • M
Improper Encoding or Escaping of Output

<3.5.0-r6
  • M
Cross-site Scripting (XSS)

<3.5.0-r6
  • L
GHSA-wfv2-pwc8-crg5

<3.5.0-r6
  • L
GHSA-gmq8-994r-jv83

<3.5.0-r5
  • M
Off-by-one Error

<3.5.0-r5
  • L
GHSA-5c6j-r48x-rmvq

<3.5.0-r5
  • L
Resource Exhaustion

<3.5.0-r4
  • M
Directory Traversal

<3.5.0-r4
  • L
GHSA-v6h2-p8h4-qcjw

<3.5.0-r4
  • L
GHSA-9ppj-qmqm-q256

<3.5.0-r4
  • H
Arbitrary Code Injection

<3.5.0-r3
  • L
GHSA-6rw7-vpxm-498p

<3.5.0-r3
  • L
GHSA-p5xg-68wr-hm3m

<3.5.0-r3
  • L
Improper Encoding or Escaping of Output

<3.5.0-r3
  • M
Link Following

<3.5.0-r3
  • L
GHSA-9vjf-qc39-jprp

<3.5.0-r3
  • L
GHSA-52f5-9888-hmc6

<3.5.0-r3
  • L
GHSA-67pg-wm7f-q7fj

<3.5.0-r3
  • H
Directory Traversal

<3.5.0-r3
  • L
CVE-2025-15284

<3.5.0-r3
  • L
GHSA-83g3-92jg-28cx

<3.5.0-r3
  • L
CVE-2026-2739

<3.5.0-r3
  • L
GHSA-378v-28hj-76wf

<3.5.0-r3
  • H
Resource Exhaustion

<3.5.0-r3
  • L
GHSA-fj3w-jwp8-x2g3

<3.5.0-r2
  • H
Buffer Overflow

<3.5.0-r2
  • L
GHSA-5rq4-664w-9x2c

<3.5.0-r2
  • C
Directory Traversal

<3.5.0-r2
  • H
CVE-2026-2391

<3.5.0-r1
  • L
GHSA-w7fw-mjwx-w883

<3.5.0-r1
  • L
GHSA-34x7-hfp2-rc4v

<3.5.0-r0
  • L
Directory Traversal

<3.5.0-r0
  • L
GHSA-rx8g-88g5-qh64

<3.5.0-r0
  • M
Improper Handling of Unicode Encoding

<3.5.0-r0
  • L
GHSA-r6q2-hw4h-h46w

<3.5.0-r0
  • L
GHSA-8qq5-rm4j-mr97

<3.5.0-r0
  • M
Directory Traversal

<3.5.0-r0
  • L
CVE-2025-57352

<3.5.0-r0
  • L
CVE-2025-14505

<3.5.0-r0
  • L
GHSA-848j-6mx2-7j84

<3.5.0-r0
  • L
Improper Input Validation

<3.4.0-r4
  • L
GHSA-37qj-frw5-hhjh

<3.4.0-r4
  • L
Improper Check for Unusual or Exceptional Conditions

<3.4.0-r4
  • L
GHSA-43fc-jf86-j433

<3.4.0-r4
  • L
GHSA-vm32-vv63-w422

<3.4.0-r3
  • L
GHSA-95fx-jjr5-f39c

<3.4.0-r3
  • M
Arbitrary Code Injection

<3.4.0-r3
  • L
GHSA-cjw8-79x6-5cj4

<3.4.0-r3
  • L
Improper Encoding or Escaping of Output

<3.4.0-r3
  • M
Race Condition

<3.4.0-r3
  • M
Allocation of Resources Without Limits or Throttling

<3.4.0-r3
  • L
GHSA-pqxr-3g65-p328

<3.4.0-r3
  • L
GHSA-6475-r3vj-m8vf

<3.4.0-r1
  • M
CVE-2025-13465

<3.4.0-r1
  • L
GHSA-xxjr-mmjv-4gpg

<3.4.0-r1
  • L
Allocation of Resources Without Limits or Throttling

<3.4.0-r0
  • L
GHSA-4hjh-wcwx-xvwj

<3.4.0-r0
  • H
Directory Traversal

<3.4.0-r0
  • L
GHSA-8mvj-3j78-4qmw

<3.4.0-r0
  • L
GHSA-f8cm-6447-x5h2

<3.4.0-r0
  • H
Improper Input Validation

<3.4.0-r0
  • L
CVE-2025-12816

<3.2.0-r2
  • L
GHSA-5gfm-wpxj-wjgq

<3.2.0-r2
  • M
Integer Overflow or Wraparound

<3.2.0-r2
  • H
Uncontrolled Recursion

<3.2.0-r2
  • L
GHSA-554w-wpv2-vw27

<3.2.0-r2
  • L
GHSA-65ch-62r8-g69g

<3.2.0-r2
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<3.2.0-r1
  • L
GHSA-mh29-5h37-fv8m

<3.2.0-r1
  • C
CVE-2025-9287

<3.1.0-r4
  • C
CVE-2025-9288

<3.1.0-r4
  • L
CVE-2025-7783

<3.1.0-r2