kibana-8.19-advanced

Direct Vulnerabilities

Known vulnerabilities in the kibana-8.19-advanced package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L Uncontrolled Recursion	*
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
L CVE-2026-6321	*
L CVE-2026-6322	*
H Arbitrary Code Injection	*
L Arbitrary Code Injection	*
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
L XML Injection	*
L CVE-2026-44902	*
L CVE-2026-45134	*
L CVE-2026-44724	*
L Improper Input Validation	*
L Resource Exhaustion	*
L Improper Handling of Unicode Encoding	*
H Uncontrolled Recursion	*
L Improper Encoding or Escaping of Output	*
H Server-Side Request Forgery (SSRF)	*
C Permissive Whitelist	*
L Allocation of Resources Without Limits or Throttling	*
C Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
L HTTP Response Splitting	*
L Allocation of Resources Without Limits or Throttling	*
L Permissive Whitelist	*
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
M Improper Authentication	*
L CRLF Injection	*
M Cross-site Scripting (XSS)	*
C Improperly Controlled Modification of Dynamically-Determined Object Attributes	*
L Arbitrary Code Injection	<8.19.15-r0
L CVE-2025-13204	<8.19.15-r0
C Deserialization of Untrusted Data	<8.19.15-r0
L Loop with Unreachable Exit Condition ('Infinite Loop')	<8.19.15-r0
L Inefficient Regular Expression Complexity	<8.19.15-r0
L Improper Input Validation	<8.19.15-r0
C Improper Certificate Validation	<8.19.15-r0
H Resource Exhaustion	<8.19.15-r0
L GHSA-c7w3-x93f-qmm8	*
M Cross-site Scripting (XSS)	<8.19.15-r0
L Improper Verification of Cryptographic Signature	<8.19.15-r0
L Uncontrolled Recursion	*
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<8.19.15-r0
L GHSA-442j-39wm-28r2	<8.19.15-r0
L Arbitrary Code Injection	<8.19.15-r0
L Improper Check for Unusual or Exceptional Conditions	<8.19.15-r0
L Arbitrary Code Injection	<8.19.15-r0
H Cross-site Scripting (XSS)	<8.19.15-r0
L Arbitrary Code Injection	<8.19.15-r0
L GHSA-7rx3-28cr-v5wh	<8.19.15-r0
H Inefficient Regular Expression Complexity	<8.19.15-r0
L CRLF Injection	<8.19.15-r0
C CVE-2026-4800	*
L GHSA-vvjj-xcjg-gr5g	*
M CVE-2026-2950	*
C Unintended Proxy or Intermediary ('Confused Deputy')	<8.19.15-r0
L Information Exposure	*
M HTTP Response Splitting	<8.19.15-r0
L GHSA-6v7q-wjvx-w8wg	*
L GHSA-39q2-94rc-95cp	*
C Arbitrary Code Injection	<8.19.15-r0
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
L GHSA-r4q5-vmmm-2653	*
L Resource Exhaustion	*
L GHSA-w5hq-g745-h8pq	*
M Cross-site Scripting (XSS)	*
L Cross-site Scripting (XSS)	*
L XML Injection	*
L Cross-site Scripting (XSS)	*
M CVE-2026-33461	<8.19.14-r0
L CVE-2026-33460	<8.19.14-r0
L CVE-2026-4498	<8.19.14-r0
L CVE-2026-33459	<8.19.14-r0
L Resource Exhaustion	<8.19.13-r0
L Improper Validation of Specified Quantity in Input	<8.19.14-r0
L Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')	<8.19.14-r0
L GHSA-cjmm-f4jc-qw8r	<8.19.13-r0
L GHSA-cj63-jhhr-wcxv	<8.19.13-r0
L GHSA-h8r8-wccr-v5f2	<8.19.13-r0
L CVE-2026-26931	<8.19.13-r0
M CVE-2026-26940	<8.19.13-r0
L CVE-2026-26939	<8.19.12-r0
L OS Command Injection	<8.19.13-r0
L CVE-2026-3449	*
C CVE-2026-1525	<8.19.15-r0
L Algorithmic Complexity	<8.19.13-r0
L CVE-2026-1528	<8.19.15-r0
C Directory Traversal	<8.19.13-r0
M Directory Traversal	<8.19.13-r0
L CVE-2026-1527	<8.19.15-r0
L CVE-2026-1526	<8.19.15-r0
L Inefficient Regular Expression Complexity	<8.19.13-r0
H Server-Side Request Forgery (SSRF)	<8.19.15-r0
M Cross-site Scripting (XSS)	<8.19.13-r0
M Off-by-one Error	<8.19.13-r0
H Buffer Overflow	<8.19.14-r0
L CVE-2026-2229	<8.19.15-r0
M Directory Traversal	<8.19.13-r0
L CVE-2026-26934	<8.19.12-r0
H CVE-2026-26936	<8.19.11-r0
H CVE-2026-26937	<8.19.11-r0
H CVE-2026-26935	<8.19.12-r0
M CVE-2025-25009	<8.19.5-r0
L CVE-2025-68387	<8.19.9-r0
L CVE-2025-68389	<8.19.9-r0
M CVE-2025-68385	<8.19.9-r0
L CVE-2026-0531	<8.19.10-r0
L CVE-2026-0532	<8.19.10-r0
L CVE-2025-68422	<8.19.7-r0
M CVE-2025-25018	<8.19.5-r0
L CVE-2025-37734	<8.19.7-r0
L CVE-2025-37728	<8.19.5-r0
L CVE-2025-37732	<8.19.8-r0
L CVE-2025-68386	<8.19.8-r0
M CVE-2025-25017	<8.19.4-r0
H CVE-2026-0528	<8.19.10-r0
L Allocation of Resources Without Limits or Throttling	<8.19.10-r0
L CVE-2026-0530	<8.19.10-r0
L Incorrect Regular Expression	<8.19.12-r0
L Inefficient Regular Expression Complexity	<8.19.13-r0
H CVE-2026-2327	<8.19.13-r0
L OS Command Injection	*
H Directory Traversal	<8.19.12-r0
H OS Command Injection	*
H Inefficient Regular Expression Complexity	<8.19.13-r0
L Server-Side Request Forgery (SSRF)	<8.19.15-r0
L Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')	<8.19.12-r0
L CVE-2026-2739	*
L Server-Side Request Forgery (SSRF)	<8.19.15-r0
L Improper Check for Unusual or Exceptional Conditions	<8.19.13-r0
L Improper Input Validation	*
L Directory Traversal	<8.19.12-r0
M CVE-2025-13465	<8.19.12-r0
M Improper Handling of Unicode Encoding	<8.19.11-r0
H Allocation of Resources Without Limits or Throttling	<8.19.11-r0
M Directory Traversal	<8.19.11-r0
L GHSA-6475-r3vj-m8vf	<8.19.12-r0

Vulnerability

Vulnerable Version

Uncontrolled Recursion