kibana-9.4

Direct Vulnerabilities

Known vulnerabilities in the kibana-9.4 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • H
Resource Exhaustion

<9.4.3-r0
  • L
GHSA-jxxr-4gwj-5jf2

<9.4.3-r0
  • L
GHSA-vmf3-w455-68vh

<9.4.2-r8
  • L
Interpretation Conflict

<9.4.2-r8
  • L
GHSA-8988-4f7v-96qf

<9.4.2-r8
  • L
Allocation of Resources Without Limits or Throttling

<9.4.2-r8
  • L
GHSA-p6gq-j5cr-w38f

<9.4.2-r7
  • L
CVE-2026-49458

<9.4.2-r6
  • L
GHSA-hpcv-96wg-7vj8

<9.4.2-r6
  • L
GHSA-22p9-wv53-3rq4

<9.4.2-r6
  • L
GHSA-wqvq-jvpq-h66f

<9.4.2-r6
  • L
CVE-2026-48801

<9.4.2-r6
  • L
GHSA-vxr8-fq34-vvx9

<9.4.2-r6
  • L
GHSA-76mc-f452-cxcm

<9.4.2-r6
  • L
GHSA-vxpw-j846-p89q

<9.4.2-r5
  • L
CVE-2026-9697

<9.4.2-r5
  • L
Resource Exhaustion

<9.4.2-r6
  • L
CVE-2026-12151

<9.4.2-r5
  • L
GHSA-35p6-xmwp-9g52

<9.4.2-r5
  • L
GHSA-268h-hp4c-crq3

<9.4.2-r6
  • L
GHSA-r47g-fvhr-h676

<9.4.2-r6
  • L
CVE-2026-9678

<9.4.2-r5
  • L
GHSA-pr7r-676h-xcf6

<9.4.2-r5
  • L
GHSA-hm92-r4w5-c3mj

<9.4.2-r5
  • L
Algorithmic Complexity

<9.4.2-r6
  • L
CVE-2026-6734

<9.4.2-r5
  • L
Resource Exhaustion

<9.4.2-r4
  • L
GHSA-gvmj-g25r-r7wr

<9.4.2-r6
  • L
CVE-2026-12143

<9.4.2-r6
  • L
GHSA-p88m-4jfj-68fv

<9.4.2-r5
  • L
GHSA-vmh5-mc38-953g

<9.4.2-r5
  • L
GHSA-hmw2-7cc7-3qxx

<9.4.2-r6
  • L
GHSA-cmwh-pvxp-8882

<9.4.2-r6
  • L
CVE-2026-6733

<9.4.2-r5
  • L
GHSA-h67p-54hq-rp68

<9.4.2-r6
  • L
GHSA-6v5v-wf23-fmfq

<9.4.2-r6
  • L
GHSA-r7g4-qg5f-qqm2

<9.4.2-r6
  • L
CVE-2026-11525

<9.4.2-r5
  • L
GHSA-96hv-2xvq-fx4p

<9.4.2-r4
  • L
GHSA-x4vx-rjvf-j5p4

<9.4.2-r6
  • L
CVE-2026-9679

<9.4.2-r5
  • L
CVE-2026-49459

<9.4.2-r6
  • L
CVE-2026-49978

<9.4.2-r6
  • L
GHSA-g8m3-5g58-fq7m

<9.4.2-r5
  • L
GHSA-rp9w-3fw7-7cwq

<9.4.2-r6
  • L
GHSA-f577-qrjj-4474

<9.4.2-r3
  • L
HTTP Request Smuggling

<9.4.2-r3
  • L
GHSA-5375-pq7m-f5r2

<9.4.2-r3
  • L
GHSA-xrhx-7g5j-rcj5

<9.4.2-r3
  • L
CVE-2026-48049

<9.4.2-r3
  • L
CVE-2026-48069

<9.4.2-r3
  • L
CVE-2026-48068

<9.4.2-r3
  • L
GHSA-2gcr-mfcq-wcc3

<9.4.2-r3
  • L
Incorrect Regular Expression

<9.4.2-r3
  • L
GHSA-99f4-grh7-6pcq

<9.4.2-r3
  • L
GHSA-rcvq-m9j9-6f4g

<9.4.2-r3
  • M
Improper Authorization

<9.4.2-r3
  • L
CVE-2026-48022

<9.4.2-r3
  • L
GHSA-x426-x7cc-3fpc

<9.4.2-r3
  • M
HTTP Response Splitting

<9.4.2-r3
  • L
GHSA-3hrh-pfw6-9m5x

<9.4.2-r3
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<9.4.2-r2
  • L
GHSA-fx83-v9x8-x52w

<9.4.2-r2
  • L
Arbitrary Code Injection

<9.4.2-r2
  • L
GHSA-66ff-xgx4-vchm

<9.4.2-r2
  • L
Uncontrolled Recursion

<9.4.2-r2
  • L
GHSA-2pr8-phx7-x9h3

<9.4.2-r2
  • L
GHSA-685m-2w69-288q

<9.4.2-r2
  • L
GHSA-q6x5-8v7m-xcrf

<9.4.2-r2
  • H
Arbitrary Code Injection

<9.4.2-r2
  • L
GHSA-jggg-4jg4-v7c6

<9.4.2-r2
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<9.4.2-r2
  • L
GHSA-75px-5xx7-5xc7

<9.4.2-r2
  • H
Uncontrolled Recursion

<9.4.2-r2
  • L
GHSA-jvwf-75h9-cwgg

<9.4.2-r2
  • L
Improper Input Validation

<9.4.2-r2
  • L
Improper Handling of Unicode Encoding

<9.4.2-r2
  • L
GHSA-4rc3-7j7w-m548

<9.4.2-r1
  • M
Cross-site Scripting (XSS)

<9.4.2-r1
  • L
GHSA-v39h-62p7-jpjc

<9.4.2-r1
  • L
CVE-2026-6321

<9.4.2-r1
  • L
CVE-2026-2739

<9.4.2-r1
  • L
XML Injection

<9.4.2-r1
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<9.4.2-r1
  • M
Cross-site Scripting (XSS)

<9.4.2-r0
  • L
OS Command Injection

<9.4.2-r1
  • L
GHSA-9x9p-qf8f-mvjg

<9.4.2-r1
  • L
CVE-2026-44974

<9.4.2-r0
  • L
Resource Exhaustion

<9.4.2-r0
  • L
GHSA-v2v4-37r5-5v8g

<9.4.2-r0
  • L
GHSA-q3j6-qgpj-74h6

<9.4.2-r1
  • L
Server-Side Request Forgery (SSRF)

<9.4.2-r1
  • L
GHSA-qjx8-664m-686j

<9.4.2-r1
  • L
GHSA-654m-c8p4-x5fp

<9.4.2-r1
  • L
GHSA-378v-28hj-76wf

<9.4.2-r1
  • L
GHSA-r7g9-xpmj-5fcq

<9.4.2-r1
  • L
GHSA-hh27-hf48-9f5q

<9.4.2-r1
  • L
GHSA-q7rr-3cgh-j5r3

<9.4.2-r1
  • L
GHSA-hm8q-7f3q-5f36

<9.4.2-r0
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<9.4.2-r1
  • L
GHSA-898c-q2cr-xwhg

<9.4.2-r1
  • L
GHSA-9c88-49p5-5ggf

<9.4.2-r1
  • L
GHSA-58qx-3vcg-4xpx

<9.4.2-r0
  • L
Resource Exhaustion

<9.4.2-r1
  • L
Protection Mechanism Failure

<9.4.2-r1
  • L
GHSA-r5fr-rjxr-66jc

<9.4.2-r0
  • L
GHSA-8xx9-69p8-7jp3

<9.4.2-r1
  • M
HTTP Response Splitting

<9.4.2-r1
  • L
GHSA-vhjm-w67q-g75c

<9.4.2-r0
  • L
GHSA-69xw-7hcm-h432

<9.4.2-r0
  • L
CVE-2026-44979

<9.4.2-r0
  • L
GHSA-36hh-x5p5-jgc8

<9.4.2-r0
  • L
GHSA-gf2q-c269-pqgc

<9.4.2-r1
  • L
Cross-site Scripting (XSS)

<9.4.2-r1
  • H
OS Command Injection

<9.4.2-r1
  • L
Resource Exhaustion

<9.4.2-r1
  • L
GHSA-5wm8-gmm8-39j9

<9.4.2-r1
  • L
Uncontrolled Recursion

<9.4.2-r1
  • L
GHSA-35jp-ww65-95wh

<9.4.2-r1
  • L
XML Injection

<9.4.2-r1
  • M
Arbitrary Code Injection

<9.4.2-r0
  • L
GHSA-pjwm-pj3p-43mv

<9.4.2-r1
  • L
Deserialization of Untrusted Data

<9.4.2-r0
  • L
GHSA-qp7p-654g-cw7p

<9.4.2-r0
  • L
GHSA-f23m-r3pf-42rh

<9.4.2-r0
  • L
Inefficient Regular Expression Complexity

<9.4.2-r1
  • L
GHSA-2qv6-9wx5-cwv4

<9.4.2-r1
  • L
GHSA-48c2-rrv3-qjmp

<9.4.2-r1
  • L
GHSA-vvjj-xcjg-gr5g

<9.4.2-r0
  • L
GHSA-w5hq-g745-h8pq

<9.4.2-r1
  • L
GHSA-5vv4-hvf7-2h46

<9.4.2-r1
  • L
CVE-2026-6322

<9.4.2-r1
  • L
Information Exposure Through Caching

<9.4.2-r0
  • M
CVE-2026-2950

<9.4.2-r0
  • L
GHSA-gh4j-gqv2-49f6

<9.4.2-r1
  • L
Improper Handling of Exceptional Conditions

<9.4.2-r1
  • L
GHSA-p77w-8qqv-26rm

<9.4.2-r0
  • L
XML Injection

<9.4.2-r1
  • L
GHSA-q8mj-m7cp-5q26

<9.4.2-r0
  • L
GHSA-45c6-75p6-83cc

<9.4.2-r1
  • C
CVE-2026-4800

<9.4.2-r0
  • L
GHSA-hvx9-hwr7-wjj9

<9.4.2-r1
  • H
Out-of-bounds Write

<9.4.2-r1
  • L
Unintended Proxy or Intermediary ('Confused Deputy')

<9.4.2-r1
  • L
GHSA-3644-q5cj-c5c7

<9.4.2-r0
  • M
Uncontrolled Recursion

<9.4.2-r1
  • L
Arbitrary Code Injection

<9.4.2-r0
  • L
OS Command Injection

<9.4.2-r1
  • L
GHSA-9vqf-7f2p-gf9v

<9.4.2-r0
  • L
CVE-2026-45618

<9.4.2-r1
  • L
Improper Validation of Specified Quantity in Input

<9.4.2-r0
  • L
GHSA-c7w3-x93f-qmm8

<9.4.2-r0
  • L
GHSA-x7hr-w5r2-h6wg

<9.4.2-r1
  • H
Use of Uninitialized Resource

<9.4.2-r0
  • L
CVE-2026-8723

<9.4.2-r0
  • L
CVE-2026-3449

<9.4.1-r2
  • L
GHSA-vpq2-c234-7xj6

<9.4.1-r2
  • L
GHSA-rp42-5vxx-qpwr

<9.4.1-r0
  • L
Resource Exhaustion

<9.4.1-r0
  • L
GHSA-r4q5-vmmm-2653

<9.4.1-r0
  • L
GHSA-rpmf-866q-6p89

<9.4.1-r0
  • L
GHSA-6v7q-wjvx-w8wg

<9.4.1-r0
  • L
Resource Exhaustion

<9.4.1-r0