wazuh-dashboard

Direct Vulnerabilities

Known vulnerabilities in the wazuh-dashboard package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L GHSA-34x7-hfp2-rc4v	<4.14.5-r0
L GHSA-r6q2-hw4h-h46w	<4.14.5-r0
H Directory Traversal	<4.14.5-r0
L GHSA-8qq5-rm4j-mr97	<4.14.5-r0
L Directory Traversal	<4.14.5-r0
L GHSA-83g3-92jg-28cx	<4.14.5-r0
M Directory Traversal	<4.14.5-r0
M Improper Handling of Unicode Encoding	<4.14.5-r0
M Directory Traversal	<4.14.5-r0
L GHSA-qffp-2rhf-9h96	<4.14.5-r0
L GHSA-69xw-7hcm-h432	<4.14.4-r4
L GHSA-hm8q-7f3q-5f36	<4.14.4-r4
L GHSA-9vqf-7f2p-gf9v	<4.14.4-r4
L CVE-2026-6321	<4.14.4-r4
L GHSA-p77w-8qqv-26rm	<4.14.4-r4
L CVE-2026-6322	<4.14.4-r4
L Information Exposure Through Caching	<4.14.4-r4
L GHSA-v2v4-37r5-5v8g	<4.14.4-r4
L GHSA-qp7p-654g-cw7p	<4.14.4-r4
M Arbitrary Code Injection	<4.14.4-r4
M Cross-site Scripting (XSS)	<4.14.4-r4
L Improper Validation of Specified Quantity in Input	<4.14.4-r4
L Resource Exhaustion	<4.14.4-r4
L GHSA-v39h-62p7-jpjc	<4.14.4-r4
L Arbitrary Code Injection	<4.14.4-r4
L GHSA-q3j6-qgpj-74h6	<4.14.4-r4
H Resource Exhaustion	<4.14.4-r3
L GHSA-qj8w-gfj5-8c6v	<4.14.4-r3
L GHSA-h7mw-gpvr-xq4m	<4.14.4-r3
L GHSA-crv5-9vww-q3g8	<4.14.4-r3
L GHSA-v9jr-rg53-9pgp	<4.14.4-r3
L Cross-site Scripting (XSS)	<4.14.4-r3
L Resource Exhaustion	<4.14.4-r3
L GHSA-j452-xhg8-qg39	<4.14.4-r3
L Cross-site Scripting (XSS)	<4.14.4-r3
L GHSA-r4q5-vmmm-2653	<4.14.4-r3
L GHSA-458j-xx4x-4375	<4.14.4-r3
L GHSA-39q2-94rc-95cp	<4.14.4-r3
L CVE-2026-5758	<4.14.4-r3
L GHSA-rp42-5vxx-qpwr	<4.14.4-r3
L GHSA-w5hq-g745-h8pq	<4.14.4-r3
M Cross-site Scripting (XSS)	<4.14.4-r3
H Out-of-bounds Write	<4.14.4-r3
L Improperly Controlled Modification of Dynamically-Determined Object Attributes	<4.14.4-r2
L GHSA-jvff-x2qm-6286	<4.14.4-r2
M HTTP Response Splitting	<4.14.4-r2
L GHSA-fvcv-3m26-pcqx	<4.14.4-r2
C Unintended Proxy or Intermediary ('Confused Deputy')	<4.14.4-r2
L GHSA-3p68-rc4w-qgx5	<4.14.4-r2
L GHSA-chqc-8p9q-pq6q	<4.14.4-r2
L CRLF Injection	<4.14.4-r2
L GHSA-6v7q-wjvx-w8wg	<4.14.4-r2
L GHSA-vpq2-c234-7xj6	<4.14.4-r1
L CVE-2026-3449	<4.14.4-r1
L Loop with Unreachable Exit Condition ('Infinite Loop')	<4.14.4-r1
C Improper Certificate Validation	<4.14.4-r1
L GHSA-27v5-c462-wpq7	<4.14.4-r1
C CVE-2026-4800	<4.14.4-r1
L Uncontrolled Recursion	<4.14.4-r1
M Cross-site Scripting (XSS)	<4.14.4-r1
L Arbitrary Code Injection	<4.14.4-r1
L GHSA-2328-f5f3-gj25	<4.14.4-r1
L GHSA-r5fr-rjxr-66jc	<4.14.4-r1
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<4.14.4-r1
L GHSA-7rx3-28cr-v5wh	<4.14.4-r1
L GHSA-3mfm-83xf-c92r	<4.14.4-r1
L GHSA-cjmm-f4jc-qw8r	<4.14.4-r1
L Improper Check for Unusual or Exceptional Conditions	<4.14.4-r1
L GHSA-c2c7-rcm5-vvqj	<4.14.4-r1
L Inefficient Regular Expression Complexity	<4.14.4-r1
L GHSA-q67f-28xg-22rw	<4.14.4-r1
M CVE-2026-2950	<4.14.4-r1
L GHSA-9cx6-37pm-9jff	<4.14.4-r1
L GHSA-v8jm-5vwx-cfxm	<4.14.4-r1
L Improper Input Validation	<4.14.4-r1
L Arbitrary Code Injection	<4.14.4-r1
L Arbitrary Code Injection	<4.14.4-r1
L GHSA-cj63-jhhr-wcxv	<4.14.4-r1
L Improper Verification of Cryptographic Signature	<4.14.4-r1
M Cross-site Scripting (XSS)	<4.14.4-r1
L GHSA-h8r8-wccr-v5f2	<4.14.4-r1
L GHSA-2qvq-rjwj-gvw9	<4.14.4-r1
L GHSA-v2wj-7wpq-c8vv	<4.14.4-r1
L CVE-2026-4923	<4.14.4-r1
L GHSA-xjpj-3mr7-gcpf	<4.14.4-r1
L GHSA-xhpv-hc6g-r9c6	<4.14.4-r1
H Cross-site Scripting (XSS)	<4.14.4-r1
H Resource Exhaustion	<4.14.4-r1
L Inefficient Regular Expression Complexity	<4.14.4-r1
L GHSA-48c2-rrv3-qjmp	<4.14.4-r1
L GHSA-2g4f-4pwh-qvx6	<4.14.4-r1
L GHSA-3v7f-55p6-f55p	<4.14.4-r1
L CVE-2026-4926	<4.14.4-r1
L GHSA-f886-m6hf-6m8v	<4.14.4-r1
L GHSA-5m6q-g25r-mvwx	<4.14.4-r1
L GHSA-ppp5-5v6c-4jwp	<4.14.4-r1
L GHSA-2w6w-674q-4c4q	<4.14.4-r1
L GHSA-j3q9-mxjg-w52f	<4.14.4-r1
L GHSA-442j-39wm-28r2	<4.14.4-r1
M Cross-site Scripting (XSS)	<4.14.4-r1
L GHSA-f23m-r3pf-42rh	<4.14.4-r1

Vulnerability

Vulnerable Version

GHSA-34x7-hfp2-rc4v

<4.14.5-r0