kibana-9.3-advanced

Direct Vulnerabilities

Known vulnerabilities in the kibana-9.3-advanced package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • L
GHSA-gvmj-g25r-r7wr

<9.3.7-r0
  • L
CVE-2026-49458

<9.3.7-r0
  • L
GHSA-76mc-f452-cxcm

<9.3.7-r0
  • L
CVE-2026-49459

<9.3.7-r0
  • L
CVE-2026-49978

<9.3.7-r0
  • L
Uncontrolled Recursion

<9.3.7-r0
  • L
GHSA-x4vx-rjvf-j5p4

<9.3.7-r0
  • L
CVE-2026-12143

<9.3.7-r0
  • L
CVE-2026-48801

<9.3.7-r0
  • L
GHSA-cmwh-pvxp-8882

<9.3.7-r0
  • L
Uncontrolled Recursion

<9.3.7-r0
  • L
Algorithmic Complexity

<9.3.7-r0
  • L
Resource Exhaustion

<9.3.7-r0
  • L
GHSA-vxr8-fq34-vvx9

<9.3.7-r0
  • L
CVE-2026-48049

<9.3.6-r0
  • L
Cross-site Scripting (XSS)

<9.3.6-r0
  • M
HTTP Response Splitting

<9.3.6-r0
  • L
Overly Permissive Cross-domain Whitelist

<9.3.6-r0
  • L
Improper Encoding or Escaping of Output

<9.3.6-r0
  • L
Directory Traversal

<9.3.6-r0
  • L
CVE-2026-45618

<9.3.6-r0
  • L
Resource Exhaustion

<9.3.6-r0
  • M
HTTP Response Splitting

<9.3.6-r0
  • M
Improper Authorization

<9.3.6-r0
  • M
CVE-2026-42401

<9.3.6-r0
  • L
Insufficient Verification of Data Authenticity

<9.3.6-r0
  • L
Use of Less Trusted Source

<9.3.6-r0
  • L
Resource Exhaustion

<9.3.6-r0
  • L
CVE-2026-48069

<9.3.6-r0
  • L
CVE-2026-48068

<9.3.6-r0
  • L
CVE-2026-33464

<9.3.6-r0
  • L
Inefficient Regular Expression Complexity

<9.3.6-r0
  • L
Interpretation Conflict

<9.3.6-r0
  • L
Incorrect Regular Expression

<9.3.6-r0
  • L
XML Injection

<9.3.6-r0
  • L
Resource Exhaustion

<9.3.6-r0
  • L
HTTP Request Smuggling

<9.3.6-r0
  • L
CVE-2026-48022

<9.3.6-r0
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<9.3.6-r0
  • L
Information Exposure

<9.3.6-r0
  • L
Resource Exhaustion

<9.3.6-r0
  • L
Allocation of Resources Without Limits or Throttling

<9.3.6-r0
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<9.3.6-r0
  • L
Server-Side Request Forgery (SSRF)

<9.3.6-r0
  • L
Protection Mechanism Failure

<9.3.6-r0
  • H
Information Exposure

<9.3.6-r0
  • L
CVE-2026-48038

<9.3.5-r0
  • L
Unintended Proxy or Intermediary ('Confused Deputy')

<9.3.6-r0
  • H
Resource Exhaustion

<9.3.6-r0
  • L
CVE-2026-42398

<9.3.2-r1
  • L
CVE-2026-42400

<9.3.5-r0
  • H
CVE-2026-33462

<9.3.5-r0
  • L
CVE-2026-49095

<9.3.5-r0
  • L
CVE-2026-33463

<9.3.5-r0
  • L
Arbitrary Code Injection

<9.3.5-r0
  • L
CVE-2026-42399

<9.3.5-r0
  • H
CVE-2026-49093

<9.3.3-r0
  • L
Permissive Whitelist

<9.3.5-r0
  • L
CVE-2026-44979

<9.3.5-r0
  • H
Uncontrolled Recursion

<9.3.5-r0
  • L
CVE-2026-44974

<9.3.5-r0
  • L
CVE-2026-8723

<9.3.5-r0
  • H
Use of Uninitialized Resource

<9.3.5-r0
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<9.3.5-r0
  • L
Improper Handling of Unicode Encoding

<9.3.5-r0
  • L
Improper Input Validation

<9.3.5-r0
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<9.3.5-r0
  • H
Arbitrary Code Injection

<9.3.5-r0
  • L
Improper Handling of Exceptional Conditions

<9.3.6-r0
  • L
Improper Validation of Specified Quantity in Input

<9.3.5-r0
  • L
Deserialization of Untrusted Data

<9.3.5-r0
  • L
Information Exposure Through Caching

<9.3.5-r0
  • L
XML Injection

<9.3.6-r0
  • L
OS Command Injection

<9.3.6-r0
  • L
Arbitrary Code Injection

<9.3.5-r0
  • L
CVE-2026-6321

<9.3.6-r0
  • L
CVE-2026-6322

<9.3.6-r0
  • L
Uncontrolled Recursion

<9.3.5-r0
  • L
Resource Exhaustion

<9.3.5-r0
  • L
Resource Exhaustion

<9.3.5-r0
  • M
Arbitrary Code Injection

<9.3.5-r0
  • L
Arbitrary Code Injection

<9.3.5-r0
  • M
Improper Authentication

<9.3.5-r0
  • C
Permissive Whitelist

<9.3.5-r0
  • H
Uncontrolled Recursion

<9.3.5-r0
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<9.3.5-r0
  • L
CRLF Injection

<9.3.5-r0
  • L
Allocation of Resources Without Limits or Throttling

<9.3.5-r0
  • M
Cross-site Scripting (XSS)

<9.3.5-r0
  • L
Improper Encoding or Escaping of Output

<9.3.5-r0
  • H
Server-Side Request Forgery (SSRF)

<9.3.5-r0
  • L
Allocation of Resources Without Limits or Throttling

<9.3.5-r0
  • C
Improperly Controlled Modification of Dynamically-Determined Object Attributes

<9.3.5-r0
  • C
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<9.3.5-r0
  • L
HTTP Response Splitting

<9.3.5-r0
  • L
Uncontrolled Recursion

<9.3.6-r0
  • L
GHSA-v8w9-8mx6-g223

<9.3.4-r0
  • L
Loop with Unreachable Exit Condition ('Infinite Loop')

<9.3.4-r0
  • H
Resource Exhaustion

<9.3.4-r0
  • M
Cross-site Scripting (XSS)

*
  • L
Improper Verification of Cryptographic Signature

<9.3.4-r0
  • L
Improper Input Validation

<9.3.4-r0
  • L
GHSA-c7w3-x93f-qmm8

<9.3.5-r0
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<9.3.4-r0
  • C
Improper Certificate Validation

<9.3.4-r0
  • L
Inefficient Regular Expression Complexity

<9.3.4-r0
  • L
GHSA-7rx3-28cr-v5wh

<9.3.4-r0
  • H
Cross-site Scripting (XSS)

<9.3.4-r0
  • L
Arbitrary Code Injection

<9.3.4-r0
  • L
Improper Check for Unusual or Exceptional Conditions

<9.3.4-r0
  • L
GHSA-442j-39wm-28r2

<9.3.4-r0
  • L
Arbitrary Code Injection

<9.3.4-r0
  • L
Arbitrary Code Injection

<9.3.4-r0
  • L
CVE-2026-4923

<9.3.4-r0
  • L
CVE-2026-4926

<9.3.4-r0
  • L
Directory Traversal

<9.3.4-r0
  • M
CVE-2026-2950

<9.3.5-r0
  • L
Improper Input Validation

<9.3.4-r0
  • L
GHSA-26pp-8wgv-hjvm

<9.3.4-r0
  • M
Directory Traversal

<9.3.4-r0
  • H
CVE-2026-39412

<9.3.4-r0
  • L
CRLF Injection

<9.3.4-r0
  • H
Inefficient Regular Expression Complexity

<9.3.4-r0
  • H
Symlink Following

<9.3.4-r0
  • L
Directory Traversal

<9.3.4-r0
  • M
Resource Exhaustion

<9.3.4-r0
  • H
Directory Traversal

<9.3.4-r0
  • M
Incorrect Behavior Order: Validate Before Canonicalize

<9.3.4-r0
  • L
GHSA-vvjj-xcjg-gr5g

<9.3.5-r0
  • C
CVE-2026-4800

<9.3.5-r0
  • L
GHSA-458j-xx4x-4375

<9.3.4-r0
  • L
Resource Exhaustion

<9.3.5-r0
  • L
GHSA-r4q5-vmmm-2653

<9.3.5-r0
  • L
GHSA-6v7q-wjvx-w8wg

<9.3.5-r0
  • L
Information Exposure

<9.3.5-r0
  • C
Arbitrary Code Injection

<9.3.5-r0
  • L
GHSA-39q2-94rc-95cp

<9.3.5-r0
  • M
HTTP Response Splitting

<9.3.4-r0
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<9.3.5-r0
  • C
Unintended Proxy or Intermediary ('Confused Deputy')

<9.3.4-r0
  • L
Cross-site Scripting (XSS)

<9.3.5-r0
  • L
XML Injection

*
  • L
Cross-site Scripting (XSS)

<9.3.5-r0
  • M
Cross-site Scripting (XSS)

<9.3.5-r0
  • L
GHSA-w5hq-g745-h8pq

*
  • M
Uncontrolled Recursion

<9.3.6-r0
  • H
CVE-2026-33458

<9.3.3-r0
  • L
CVE-2026-33459

<9.3.3-r0
  • L
CVE-2026-33460

<9.3.3-r0
  • M
CVE-2026-33461

<9.3.3-r0
  • L
CVE-2026-4498

<9.3.3-r0
  • L
Improper Input Validation

<9.3.3-r0
  • L
Improper Input Validation

<9.3.3-r0
  • L
Resource Exhaustion

<9.3.2-r1
  • L
Improper Validation of Specified Quantity in Input

<9.3.3-r0
  • L
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

<9.3.3-r0
  • L
GHSA-cj63-jhhr-wcxv

<9.3.2-r1
  • L
GHSA-cjmm-f4jc-qw8r

<9.3.2-r1
  • L
GHSA-h8r8-wccr-v5f2

<9.3.2-r1
  • M
CVE-2026-26940

<9.3.2-r1
  • L
CVE-2026-26939

<9.3.1-r0
  • M
Off-by-one Error

<9.3.2-r1
  • L
CVE-2026-3449

<9.3.5-r0
  • L
Incorrect Authorization

<9.3.2-r1
  • C
CVE-2026-1525

<9.3.5-r0
  • H
Directory Traversal

<9.3.3-r0
  • L
CVE-2026-1526

<9.3.5-r0
  • L
CVE-2026-2581

<9.3.5-r0
  • M
Cross-site Scripting (XSS)

<9.3.2-r1
  • M
Directory Traversal

<9.3.2-r1
  • L
CVE-2026-1527

<9.3.5-r0
  • L
CVE-2026-1528

<9.3.5-r0
  • L
CVE-2026-2229

<9.3.5-r0
  • M
Directory Traversal

<9.3.2-r1
  • H
CVE-2026-26938

<9.3.1-r0
  • L
Inefficient Regular Expression Complexity

<9.3.2-r1
  • H
CVE-2026-26935

<9.3.1-r0
  • L
Algorithmic Complexity

<9.3.2-r1
  • H
Buffer Overflow

<9.3.3-r0
  • L
CVE-2026-26934

<9.3.1-r0
  • C
Directory Traversal

<9.3.2-r1
  • L
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

<9.3.1-r0
  • H
Directory Traversal

<9.3.1-r0
  • L
Incorrect Regular Expression

<9.3.1-r0
  • L
Inefficient Regular Expression Complexity

<9.3.2-r1
  • H
OS Command Injection

<9.3.6-r0
  • H
Inefficient Regular Expression Complexity

<9.3.2-r1
  • L
OS Command Injection

<9.3.6-r0
  • H
CVE-2026-2391

<9.3.2-r1
  • L
CVE-2026-2739

*
  • H
CVE-2026-2327

<9.3.2-r1
  • L
Improper Check for Unusual or Exceptional Conditions

<9.3.2-r1
  • L
Race Condition

<9.3.2-r1
  • L
GHSA-6475-r3vj-m8vf

<9.3.1-r0
  • M
CVE-2025-13465

<9.3.1-r0
  • L
Improper Input Validation

<9.3.1-r0
  • L
CVE-2025-15284

<9.3.2-r1
  • L
Server-Side Request Forgery (SSRF)

<9.3.4-r0
  • L
OS Command Injection

<9.3.3-r0
  • L
Directory Traversal

<9.3.1-r0
  • M
Cross-site Scripting (XSS)

*
  • C
Deserialization of Untrusted Data

<9.3.4-r0