kibana-7 | Snyk

Direct Vulnerabilities

Known vulnerabilities in the kibana-7 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L CVE-2026-44979	*
L CVE-2026-44974	*
L CVE-2026-46625	*
H Use of Uninitialized Resource	*
L Resource Exhaustion	*
M Cross-site Scripting (XSS)	*
H Server-Side Request Forgery (SSRF)	*
L Allocation of Resources Without Limits or Throttling	*
L HTTP Response Splitting	*
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
L Permissive Whitelist	*
L CRLF Injection	*
L Improper Encoding or Escaping of Output	*
H Uncontrolled Recursion	*
C Improperly Controlled Modification of Dynamically-Determined Object Attributes	*
C Permissive Whitelist	*
M Improper Authentication	*
C Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
L Allocation of Resources Without Limits or Throttling	*
H Out-of-bounds Write	*
L CVE-2026-5758	*
L GHSA-rp42-5vxx-qpwr	*
L GHSA-r4q5-vmmm-2653	*
M HTTP Response Splitting	*
L GHSA-6v7q-wjvx-w8wg	*
C Unintended Proxy or Intermediary ('Confused Deputy')	*
L GHSA-vvjj-xcjg-gr5g	*
L Resource Exhaustion	*
L Arbitrary Code Injection	*
H Resource Exhaustion	*
L Arbitrary Code Injection	*
L GHSA-c7w3-x93f-qmm8	*
L Inefficient Regular Expression Complexity	*
L Improper Input Validation	*
H Cross-site Scripting (XSS)	*
L GHSA-442j-39wm-28r2	*
L GHSA-7rx3-28cr-v5wh	*
L Arbitrary Code Injection	*
C Improper Certificate Validation	*
M CVE-2026-2950	*
C CVE-2026-4800	*
H Inefficient Regular Expression Complexity	*
L Loop with Unreachable Exit Condition ('Infinite Loop')	*
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
L Improper Check for Unusual or Exceptional Conditions	*
L Improper Verification of Cryptographic Signature	*
M Cross-site Scripting (XSS)	*
M Off-by-one Error	*
M Directory Traversal	*
M Directory Traversal	*
L CVE-2026-3449	*
L Inefficient Regular Expression Complexity	*
L Algorithmic Complexity	*
M CVE-2025-25012	<7.17.29-r0
H CVE-2026-0528	<7.17.29-r0
C Directory Traversal	*
M Improperly Implemented Security Check for Standard	*
L CVE-2025-68389	*
M CVE-2025-25018	*
M CVE-2025-68385	*
M CVE-2025-25009	*
L CVE-2026-0531	*
L CVE-2025-68422	*
L CVE-2025-37732	*
L CVE-2026-0530	*
L CVE-2025-68387	*
M CVE-2025-25017	*
M CVE-2024-23443	*
L CVE-2025-68386	*
L CVE-2025-37728	*
L Allocation of Resources Without Limits or Throttling	*
L CVE-2026-0532	*
H Inefficient Regular Expression Complexity	*
H Directory Traversal	*
H CVE-2026-2327	*
L Improper Check for Unusual or Exceptional Conditions	*
M CVE-2025-13465	*
L Directory Traversal	*
M Improper Handling of Unicode Encoding	*
M Directory Traversal	*
H Improper Check or Handling of Exceptional Conditions	*
L CVE-2025-12816	*
L GHSA-rcmh-qjqh-p98v	*
M Integer Overflow or Wraparound	*
H Uncontrolled Recursion	*
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
H Improper Validation of Syntactic Correctness of Input	*
L Directory Traversal	*
L Inefficient Regular Expression Complexity	<7.17.29-r0
L CVE-2024-12905	<7.17.29-r0
M Cross-site Scripting (XSS)	*
M Server-Side Request Forgery (SSRF)	<7.17.29-r0
L Resource Exhaustion	<7.17.29-r0
L Allocation of Resources Without Limits or Throttling	*
L Directory Traversal	<7.17.29-r0
L CVE-2025-7783	*

Vulnerability

Vulnerable Version

CVE-2026-44979