wazuh-dashboard-fips

Direct Vulnerabilities

Known vulnerabilities in the wazuh-dashboard-fips package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • H
Inefficient Regular Expression Complexity

<4.14.6-r2
  • L
GHSA-wc69-rhjr-hc9g

<4.14.6-r2
  • L
GHSA-8hfj-j24r-96c4

<4.14.6-r2
  • H
Directory Traversal

<4.14.6-r2
  • L
GHSA-f6ww-3ggp-fr8h

<4.14.6-r1
  • L
GHSA-2v35-w6hq-6mfw

<4.14.6-r1
  • L
Uncontrolled Recursion

<4.14.6-r1
  • L
GHSA-crh6-fp67-6883

<4.14.6-r1
  • L
GHSA-rf6f-7fwh-wjgh

<4.14.6-r1
  • M
XML Injection

<4.14.6-r1
  • C
Improper Validation of Consistency within Input

<4.14.6-r1
  • M
Interpretation Conflict

<4.14.6-r1
  • L
GHSA-5fg8-2547-mr8q

<4.14.6-r1
  • L
GHSA-37ch-88jc-xwx2

<4.14.6-r1
  • L
GHSA-25h7-pfq9-p65f

<4.14.6-r1
  • L
GHSA-x6wf-f3px-wcqx

<4.14.6-r1
  • C
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<4.14.6-r1
  • L
CVE-2026-4867

<4.14.6-r1
  • L
GHSA-j759-j44w-7fr8

<4.14.6-r1
  • L
XML Injection

<4.14.6-r1
  • L
GHSA-h6q6-9hqw-rwfv

<4.14.6-r1
  • L
XML Injection

<4.14.6-r1
  • L
Uncontrolled Recursion

<4.14.6-r1
  • L
GHSA-wh4c-j3r5-mjhp

<4.14.6-r1
  • L
XML Injection

<4.14.6-r1
  • L
XML Injection

<4.14.6-r1
  • L
GHSA-3ppc-4f35-3m26

<4.14.5-r11
  • L
Inefficient Regular Expression Complexity

<4.14.5-r11
  • L
Algorithmic Complexity

<4.14.5-r11
  • L
GHSA-23c5-xmqv-rm74

<4.14.5-r11
  • H
Inefficient Regular Expression Complexity

<4.14.5-r11
  • L
GHSA-7r86-cg39-jmmj

<4.14.5-r11
  • L
GHSA-2328-f5f3-gj25

<4.14.5-r10
  • L
GHSA-5m6q-g25r-mvwx

<4.14.5-r10
  • L
Improper Verification of Cryptographic Signature

<4.14.5-r10
  • L
Improper Input Validation

<4.14.5-r10
  • C
Improper Certificate Validation

<4.14.5-r10
  • L
Loop with Unreachable Exit Condition ('Infinite Loop')

<4.14.5-r10
  • L
GHSA-ppp5-5v6c-4jwp

<4.14.5-r10
  • L
GHSA-q67f-28xg-22rw

<4.14.5-r10
  • L
GHSA-hmw2-7cc7-3qxx

<4.14.5-r7
  • L
Cross-site Scripting (XSS)

<4.14.5-r7
  • H
Cross-site Scripting (XSS)

<4.14.5-r8
  • L
GHSA-xhpv-hc6g-r9c6

<4.14.5-r8
  • L
GHSA-76mc-f452-cxcm

<4.14.5-r7
  • L
CVE-2026-12143

<4.14.5-r7
  • L
GHSA-hpcv-96wg-7vj8

<4.14.5-r7
  • L
Cross-site Scripting (XSS)

<4.14.5-r7
  • L
GHSA-vmf3-w455-68vh

<4.14.5-r7
  • L
GHSA-2w6w-674q-4c4q

<4.14.5-r8
  • L
Improper Check for Unusual or Exceptional Conditions

<4.14.5-r8
  • L
GHSA-r47g-fvhr-h676

<4.14.5-r7
  • L
GHSA-xjpj-3mr7-gcpf

<4.14.5-r8
  • L
Interpretation Conflict

<4.14.5-r7
  • L
GHSA-cmwh-pvxp-8882

<4.14.5-r7
  • L
Arbitrary Code Injection

<4.14.5-r8
  • L
GHSA-7c78-jf6q-g5cm

<4.14.5-r7
  • L
GHSA-7rx3-28cr-v5wh

<4.14.5-r8
  • L
Arbitrary Code Injection

<4.14.5-r8
  • L
GHSA-442j-39wm-28r2

<4.14.5-r8
  • L
GHSA-vxr8-fq34-vvx9

<4.14.5-r7
  • L
Cross-site Scripting (XSS)

<4.14.5-r7
  • L
GHSA-gvmj-g25r-r7wr

<4.14.5-r7
  • L
GHSA-2qvq-rjwj-gvw9

<4.14.5-r8
  • L
GHSA-96hv-2xvq-fx4p

<4.14.5-r7
  • L
GHSA-x4vx-rjvf-j5p4

<4.14.5-r7
  • L
Resource Exhaustion

<4.14.5-r7
  • L
Improper Input Validation

<4.14.5-r7
  • L
GHSA-rp9w-3fw7-7cwq

<4.14.5-r7
  • L
GHSA-9cx6-37pm-9jff

<4.14.5-r8
  • M
Cross-site Scripting (XSS)

<4.14.5-r8
  • L
GHSA-3mfm-83xf-c92r

<4.14.5-r8
  • L
Arbitrary Code Injection

<4.14.5-r8
  • L
Use of Less Trusted Source

<4.14.5-r6
  • L
GHSA-wgpf-jwqj-8h8p

<4.14.5-r6
  • L
Improper Encoding or Escaping of Output

<4.14.5-r6
  • L
Overly Permissive Cross-domain Whitelist

<4.14.5-r6
  • L
Insufficient Verification of Data Authenticity

<4.14.5-r6
  • L
Directory Traversal

<4.14.5-r6
  • L
GHSA-j6c9-x7qj-28xf

<4.14.5-r6
  • L
GHSA-wwfh-h76j-fc44

<4.14.5-r6
  • L
GHSA-rv63-4mwf-qqc2

<4.14.5-r6
  • L
GHSA-88fw-hqm2-52qc

<4.14.5-r6
  • L
GHSA-p92q-9vqr-4j8v

<4.14.5-r5
  • L
GHSA-hfxv-24rg-xrqf

<4.14.5-r5
  • C
Improperly Controlled Modification of Dynamically-Determined Object Attributes

<4.14.5-r5
  • L
Arbitrary Code Injection

<4.14.5-r5
  • L
GHSA-j5f8-grm9-p9fc

<4.14.5-r5
  • L
GHSA-898c-q2cr-xwhg

<4.14.5-r5
  • L
GHSA-pjwm-pj3p-43mv

<4.14.5-r5
  • L
Allocation of Resources Without Limits or Throttling

<4.14.5-r5
  • L
GHSA-q8qp-cvcw-x6jj

<4.14.5-r5
  • L
Information Exposure

<4.14.5-r5
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<4.14.5-r5
  • L
Unintended Proxy or Intermediary ('Confused Deputy')

<4.14.5-r5
  • H
Information Exposure

<4.14.5-r5
  • L
GHSA-3g43-6gmg-66jw

<4.14.5-r5
  • L
GHSA-35jp-ww65-95wh

<4.14.5-r5
  • C
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<4.14.5-r5
  • L
Server-Side Request Forgery (SSRF)

<4.14.5-r5
  • L
GHSA-3w6x-2g7m-8v23

<4.14.5-r5
  • L
Resource Exhaustion

<4.14.5-r5
  • L
GHSA-777c-7fjr-54vf

<4.14.5-r5
  • L
GHSA-9ppj-qmqm-q256

<4.14.5-r4
  • M
Directory Traversal

<4.14.5-r4
  • L
GHSA-ph9p-34f9-6g65

<4.14.5-r3
  • L
CVE-2026-44974

<4.14.5-r3
  • L
GHSA-36hh-x5p5-jgc8

<4.14.5-r3
  • H
Directory Traversal

<4.14.5-r3
  • L
GHSA-46wh-pxpv-q5gq

<4.14.5-r2
  • L
Allocation of Resources Without Limits or Throttling

<4.14.5-r2
  • L
Incorrect Authorization

<4.14.5-r2
  • L
Directory Traversal

<4.14.5-r2
  • L
GHSA-92pp-h63x-v22m

<4.14.5-r2
  • L
CVE-2026-8723

<4.14.5-r1
  • L
GHSA-q8mj-m7cp-5q26

<4.14.5-r1
  • L
GHSA-wc8c-qw6v-h7f6

<4.14.5-r2
  • L
GHSA-298w-vvm4-ww55

<4.14.5-r0
  • L
GHSA-83g3-92jg-28cx

<4.14.5-r0
  • L
GHSA-qffp-2rhf-9h96

<4.14.5-r0
  • H
Directory Traversal

<4.14.5-r0
  • L
GHSA-r6q2-hw4h-h46w

<4.14.5-r0
  • L
GHSA-34x7-hfp2-rc4v

<4.14.5-r0
  • M
Improper Handling of Unicode Encoding

<4.14.5-r0
  • M
Directory Traversal

<4.14.5-r0
  • L
GHSA-8qq5-rm4j-mr97

<4.14.5-r0
  • L
Directory Traversal

<4.14.5-r0
  • M
Directory Traversal

<4.14.5-r0
  • L
GHSA-hm8q-7f3q-5f36

<4.14.4-r3
  • L
GHSA-v39h-62p7-jpjc

<4.14.4-r3
  • H
Use of Uninitialized Resource

<4.14.4-r3
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<4.14.4-r3
  • L
Information Exposure Through Caching

<4.14.4-r3
  • L
Arbitrary Code Injection

<4.14.4-r3
  • L
Improper Validation of Specified Quantity in Input

<4.14.4-r3
  • M
Arbitrary Code Injection

<4.14.4-r3
  • L
CVE-2026-6322

<4.14.4-r3
  • L
Resource Exhaustion

<4.14.4-r3
  • L
GHSA-v2v4-37r5-5v8g

<4.14.4-r3
  • M
Cross-site Scripting (XSS)

<4.14.4-r3
  • L
GHSA-58qx-3vcg-4xpx

<4.14.4-r3
  • L
GHSA-69xw-7hcm-h432

<4.14.4-r3
  • L
GHSA-qjx8-664m-686j

<4.14.4-r3
  • L
GHSA-9vqf-7f2p-gf9v

<4.14.4-r3
  • L
GHSA-qp7p-654g-cw7p

<4.14.4-r3
  • L
GHSA-p77w-8qqv-26rm

<4.14.4-r3
  • L
GHSA-qj8w-gfj5-8c6v

<4.14.4-r2
  • H
Resource Exhaustion

<4.14.4-r2
  • L
GHSA-q3j6-qgpj-74h6

<4.14.4-r2
  • L
CVE-2026-6321

<4.14.4-r2
  • H
Out-of-bounds Write

<4.14.4-r2
  • L
CVE-2026-5758

<4.14.4-r2
  • L
Cross-site Scripting (XSS)

<4.14.4-r2
  • L
GHSA-crv5-9vww-q3g8

<4.14.4-r2
  • L
GHSA-h7mw-gpvr-xq4m

<4.14.4-r2
  • L
GHSA-39q2-94rc-95cp

<4.14.4-r2
  • L
GHSA-v9jr-rg53-9pgp

<4.14.4-r2
  • M
Cross-site Scripting (XSS)

<4.14.4-r2
  • L
GHSA-j452-xhg8-qg39

<4.14.4-r2
  • L
GHSA-w5hq-g745-h8pq

<4.14.4-r2
  • L
Cross-site Scripting (XSS)

<4.14.4-r2
  • L
Permissive Whitelist

<4.14.5-r5
  • L
GHSA-xx6v-rp6x-q39c

<4.14.5-r5
  • H
Uncontrolled Recursion

<4.14.5-r5
  • L
CRLF Injection

<4.14.5-r5
  • L
Allocation of Resources Without Limits or Throttling

<4.14.5-r5
  • L
GHSA-445q-vr5w-6q77

<4.14.5-r5
  • L
HTTP Response Splitting

<4.14.5-r5
  • L
GHSA-pmwg-cvhr-8vh7

<4.14.5-r5
  • M
Improper Authentication

<4.14.5-r5
  • H
Server-Side Request Forgery (SSRF)

<4.14.5-r5
  • C
Permissive Whitelist

<4.14.5-r5
  • L
GHSA-6chq-wfr3-2hj9

<4.14.5-r5
  • L
GHSA-m7pr-hjqh-92cm

<4.14.5-r5
  • L
GHSA-vf2m-468p-8v99

<4.14.5-r5
  • L
GHSA-xhjh-pmcv-23jw

<4.14.5-r5
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<4.14.5-r5
  • L
GHSA-w9j2-pvgh-6h63

<4.14.5-r5
  • L
Improper Encoding or Escaping of Output

<4.14.5-r5
  • L
GHSA-62hf-57xw-28j9

<4.14.5-r5
  • L
Allocation of Resources Without Limits or Throttling

<4.14.5-r5
  • L
GHSA-pf86-5x62-jrwf

<4.14.5-r5
  • L
GHSA-5c9x-8gcm-mpgx

<4.14.5-r5