opensearch-dashboards-2

Direct Vulnerabilities

Known vulnerabilities in the opensearch-dashboards-2 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • L
Allocation of Resources Without Limits or Throttling

<2.19.6-r0
  • L
Allocation of Resources Without Limits or Throttling

<2.19.6-r0
  • L
Information Exposure Through Caching

<2.19.6-r0
  • M
CVE-2026-2950

<2.19.6-r0
  • L
Insufficient Verification of Data Authenticity

<2.19.6-r0
  • L
Incorrect Regular Expression

<2.19.6-r0
  • L
GHSA-v8w9-8mx6-g223

<2.19.6-r0
  • M
Cross-site Scripting (XSS)

<2.19.6-r0
  • L
GHSA-39q2-94rc-95cp

<2.19.6-r0
  • L
CVE-2026-56761

<2.19.6-r0
  • H
Server-Side Request Forgery (SSRF)

<2.19.6-r0
  • L
CVE-2026-4923

<2.19.6-r0
  • M
Incorrect Behavior Order: Validate Before Canonicalize

<2.19.6-r0
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<2.19.6-r0
  • M
Improper Authorization

<2.19.6-r0
  • L
GHSA-x4vx-rjvf-j5p4

<2.19.6-r0
  • L
Improper Encoding or Escaping of Output

<2.19.6-r0
  • L
Cross-site Scripting (XSS)

<2.19.6-r0
  • M
Directory Traversal

<2.19.6-r0
  • L
Inappropriate Comment Style

<2.19.6-r0
  • L
Resource Exhaustion

<2.19.6-r0
  • L
Interpretation Conflict

<2.19.6-r0
  • M
Cross-site Scripting (XSS)

<2.19.6-r0
  • L
HTTP Request Smuggling

<2.19.6-r0
  • L
GHSA-cj63-jhhr-wcxv

<2.19.6-r0
  • L
GHSA-76mc-f452-cxcm

<2.19.6-r0
  • C
Unintended Proxy or Intermediary ('Confused Deputy')

<2.19.6-r0
  • L
GHSA-cmwh-pvxp-8882

<2.19.6-r0
  • L
Permissive Whitelist

<2.19.6-r0
  • L
Inefficient Regular Expression Complexity

<2.19.6-r0
  • L
GHSA-442j-39wm-28r2

<2.19.6-r0
  • L
Arbitrary Code Injection

<2.19.6-r0
  • H
Uncontrolled Recursion

<2.19.6-r0
  • L
GHSA-r4q5-vmmm-2653

<2.19.6-r0
  • L
Improper Input Validation

<2.19.6-r0
  • L
CVE-2026-49978

<2.19.6-r0
  • L
CVE-2026-49458

<2.19.6-r0
  • L
Resource Exhaustion

<2.19.6-r0
  • L
Directory Traversal

<2.19.6-r0
  • L
Improper Validation of Specified Quantity in Input

<2.19.6-r0
  • M
HTTP Response Splitting

<2.19.6-r0
  • M
Cross-site Scripting (XSS)

<2.19.6-r0
  • L
Arbitrary Code Injection

<2.19.6-r0
  • L
CVE-2026-2739

<2.19.6-r0
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<2.19.6-r0
  • L
GHSA-26pp-8wgv-hjvm

<2.19.6-r0
  • H
Resource Exhaustion

<2.19.6-r0
  • L
GHSA-h8r8-wccr-v5f2

<2.19.6-r0
  • M
Improper Authentication

<2.19.6-r0
  • M
Arbitrary Code Injection

<2.19.6-r0
  • L
Use of Less Trusted Source

<2.19.6-r0
  • L
GHSA-cjmm-f4jc-qw8r

<2.19.6-r0
  • L
Cross-site Scripting (XSS)

<2.19.6-r0
  • M
Cross-site Scripting (XSS)

<2.19.6-r0
  • L
Improper Encoding or Escaping of Output

<2.19.6-r0
  • L
GHSA-vxr8-fq34-vvx9

<2.19.6-r0
  • H
Directory Traversal

<2.19.6-r0
  • L
GHSA-gvmj-g25r-r7wr

<2.19.6-r0
  • L
CVE-2026-49459

<2.19.6-r0
  • L
GHSA-7rx3-28cr-v5wh

<2.19.6-r0
  • M
HTTP Response Splitting

<2.19.6-r0
  • L
Directory Traversal

<2.19.6-r0
  • L
CRLF Injection

<2.19.6-r0
  • C
Improperly Controlled Modification of Dynamically-Determined Object Attributes

<2.19.6-r0
  • L
Inefficient Regular Expression Complexity

<2.19.6-r0
  • L
Allocation of Resources Without Limits or Throttling

<2.19.6-r0
  • L
Unintended Proxy or Intermediary ('Confused Deputy')

<2.19.6-r0
  • L
Improper Verification of Cryptographic Signature

<2.19.6-r0
  • M
Directory Traversal

<2.19.6-r0
  • L
Inefficient Regular Expression Complexity

<2.19.6-r0
  • L
CVE-2026-44974

<2.19.6-r0
  • L
Arbitrary Code Injection

<2.19.6-r0
  • H
Inefficient Regular Expression Complexity

<2.19.6-r0
  • L
CVE-2026-12143

*
  • C
Improper Handling of URL Encoding (Hex Encoding)

<2.19.6-r0
  • H
Cross-site Scripting (XSS)

<2.19.6-r0
  • L
Improper Check for Unusual or Exceptional Conditions

<2.19.6-r0
  • C
Improper Certificate Validation

<2.19.6-r0
  • L
Loop with Unreachable Exit Condition ('Infinite Loop')

<2.19.6-r0
  • C
Permissive Whitelist

<2.19.6-r0
  • L
Incorrect Authorization

<2.19.6-r0
  • H
Inefficient Regular Expression Complexity

<2.19.6-r0
  • L
Improper Input Validation

<2.19.6-r0
  • L
HTTP Response Splitting

<2.19.6-r0
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<2.19.6-r0
  • L
Overly Permissive Cross-domain Whitelist

<2.19.6-r0
  • L
CVE-2026-4926

<2.19.6-r0
  • L
Arbitrary Code Injection

<2.19.6-r0
  • L
Server-Side Request Forgery (SSRF)

<2.19.6-r0
  • C
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<2.19.6-r0
  • L
Improper Check for Unusual or Exceptional Conditions

<2.19.6-r0
  • L
Allocation of Resources Without Limits or Throttling

<2.19.6-r0
  • L
Information Exposure

<2.19.6-r0
  • H
Information Exposure

<2.19.6-r0
  • L
Arbitrary Code Injection

<2.19.6-r0
  • L
Resource Exhaustion

<2.19.6-r0
  • C
CVE-2026-4800

<2.19.6-r0
  • L
CVE-2026-6321

*
  • L
GHSA-5c6j-r48x-rmvq

<2.19.6-r0
  • L
CVE-2026-6322

*
  • L
Arbitrary Code Injection

<2.19.6-r0