Homepage

opensearch-dashboards-2 vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the opensearch-dashboards-2 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • L
GHSA-gmq8-994r-jv83

<2.19.5-r1
  • M
Off-by-one Error

<2.19.5-r1
  • L
GHSA-83g3-92jg-28cx

<2.19.4-r15
  • L
CVE-2026-3449

<2.19.4-r15
  • L
GHSA-2g4f-4pwh-qvx6

<2.19.4-r15
  • L
Inefficient Regular Expression Complexity

<2.19.4-r15
  • H
Directory Traversal

<2.19.4-r15
  • L
GHSA-8qq5-rm4j-mr97

<2.19.4-r15
  • L
GHSA-7r86-cg39-jmmj

<2.19.4-r15
  • L
GHSA-9ppj-qmqm-q256

<2.19.4-r15
  • M
Directory Traversal

<2.19.4-r15
  • L
Inefficient Regular Expression Complexity

<2.19.4-r15
  • M
Improper Handling of Unicode Encoding

<2.19.4-r15
  • M
Directory Traversal

<2.19.4-r15
  • L
GHSA-r6q2-hw4h-h46w

<2.19.4-r15
  • L
Algorithmic Complexity

<2.19.4-r15
  • L
GHSA-3ppc-4f35-3m26

<2.19.4-r15
  • L
GHSA-qffp-2rhf-9h96

<2.19.4-r15
  • L
GHSA-34x7-hfp2-rc4v

<2.19.4-r15
  • M
Directory Traversal

<2.19.4-r15
  • L
GHSA-vpq2-c234-7xj6

<2.19.4-r15
  • L
Directory Traversal

<2.19.4-r15
  • H
Inefficient Regular Expression Complexity

<2.19.4-r15
  • L
GHSA-23c5-xmqv-rm74

<2.19.4-r15
  • L
GHSA-46wh-pxpv-q5gq

<2.19.4-r14
  • M
Cross-site Scripting (XSS)

<2.19.4-r14
  • L
Allocation of Resources Without Limits or Throttling

<2.19.4-r14
  • L
GHSA-v8w9-8mx6-g223

<2.19.4-r14
  • L
GHSA-v2wj-7wpq-c8vv

<2.19.4-r14
  • L
GHSA-378v-28hj-76wf

<2.19.4-r13
  • L
CVE-2026-2739

<2.19.4-r13
  • M
Arbitrary Code Injection

<2.19.4-r7
  • L
CVE-2025-13466

<2.19.4-r2
  • M
Inefficient Regular Expression Complexity

<2.19.1-r3
  • L
GHSA-mmhx-hmjr-r674

<2.19.1-r3
  • L
CVE-2025-25977

<2.19.1-r2
  • H
Uncontrolled Recursion

<2.19.4-r2
  • L
CVE-2024-47764

<2.19.1-r3
  • L
GHSA-vm32-vv63-w422

<2.19.4-r7
  • L
GHSA-65ch-62r8-g69g

<2.19.4-r2
  • L
GHSA-67pg-wm7f-q7fj

<2.19.4-r10
  • L
CVE-2025-7783

<2.19.2-r4
  • M
Integer Overflow or Wraparound

<2.19.4-r2
  • H
CVE-2026-2391

<2.19.4-r10
  • L
GHSA-952p-6rrq-rcjv

<2.19.1-r3
  • L
Inefficient Regular Expression Complexity

<2.19.1-r3
  • L
GHSA-52f5-9888-hmc6

<2.19.2-r5
  • L
GHSA-345p-7cg4-v4c7

<2.19.4-r8
  • L
Resource Exhaustion

<2.19.2-r2
  • L
Race Condition

<2.19.4-r8
  • L
GHSA-fjxv-7rqg-78g4

<2.19.2-r4
  • L
GHSA-wqch-xfxh-vrr4

<2.19.4-r2
  • L
GHSA-pqxr-3g65-p328

<2.19.4-r7
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<2.19.4-r1
  • L
GHSA-95fx-jjr5-f39c

<2.19.4-r7
  • L
CVE-2025-12816

<2.19.4-r2
  • L
Improper Encoding or Escaping of Output

<2.19.4-r10
  • L
GHSA-9vjf-qc39-jprp

<2.19.4-r10
  • M
Link Following

<2.19.2-r5
  • L
Improper Check for Unusual or Exceptional Conditions

<2.19.4-r9
  • L
GHSA-w48q-cv73-mx4w

<2.19.4-r3
  • L
GHSA-9wv6-86v2-598j

<2.19.1-r3
  • L
GHSA-pxg6-pf52-xh8x

<2.19.1-r3
  • M
CVE-2025-26791

<2.19.0-r1
  • L
GHSA-p8p7-x288-28g6

<2.19.1-r0
  • L
GHSA-mh29-5h37-fv8m

<2.19.4-r1
  • L
GHSA-gq3j-xvxp-8hrf

<2.19.4-r10
  • L
GHSA-3xgq-45jj-v275

<2.18.0-r0
  • L
GHSA-43fc-jf86-j433

<2.19.4-r9
  • H
Insecure Default Initialization of Resource

<2.19.4-r3
  • L
GHSA-vhxf-7vqr-mrjg

<2.19.0-r1
  • L
Improper Encoding or Escaping of Output

<2.19.4-r7
  • L
GHSA-5rq4-664w-9x2c

<2.19.4-r12
  • C
Directory Traversal

<2.19.4-r12
  • L
GHSA-w7fw-mjwx-w883

<2.19.4-r10
  • M
Allocation of Resources Without Limits or Throttling

<2.19.4-r7
  • L
GHSA-v6h2-p8h4-qcjw

<2.19.2-r2
  • L
GHSA-cjw8-79x6-5cj4

<2.19.4-r7
  • M
Race Condition

<2.19.4-r7
  • H
Resource Exhaustion

<2.19.4-r10
  • M
Server-Side Request Forgery (SSRF)

<2.19.1-r0
  • L
CVE-2024-21538

<2.18.0-r0
  • H
Resource Exhaustion

<2.19.1-r3
  • L
GHSA-xxjr-mmjv-4gpg

<2.19.4-r6
  • M
CVE-2025-13465

<2.19.4-r6
  • L
GHSA-968p-4wvh-cqc8

<2.19.1-r1
  • L
GHSA-5gfm-wpxj-wjgq

<2.19.4-r2
  • M
CVE-2024-4067

<2.19.1-r3
  • H
Arbitrary Code Injection

<2.19.4-r10
  • L
GHSA-p5xg-68wr-hm3m

<2.19.4-r10
  • L
GHSA-w532-jxjh-hjhj

<2.19.1-r3
  • L
Inefficient Regular Expression Complexity

<2.19.1-r1
  • L
GHSA-v2mw-5mch-w8c5

<2.19.1-r2
  • L
GHSA-554w-wpv2-vw27

<2.19.4-r2
  • L
GHSA-876p-c77m-x2hc

<2.16.0-r0
  • L
CVE-2024-38996

<2.16.0-r0
  • L
GHSA-328p-362g-r48j

<2.16.0-r0
  • L
CVE-2024-39001

<2.16.0-r0
  • L
GHSA-3h5v-q93c-6h6q

<2.15.0-r1
  • L
CVE-2024-37890

<2.15.0-r1
  • L
CVE-2024-4068

<2.15.0-r0
  • L
GHSA-f5x3-32g6-xq36

<2.15.0-r0
  • L
GHSA-grv7-fg5c-xmjg

<2.15.0-r0
  • L
CVE-2024-28863

<2.15.0-r0
  • L
CVE-2024-28849

<2.13.0-r0
  • L
GHSA-cxjh-pqwp-8mfp

<2.13.0-r0
  • L
GHSA-c429-5p7v-vgjp

<2.11.1-r2
  • L
GHSA-wf5p-g6vw-rhxx

<2.11.1-r2
  • L
GHSA-jchw-25xp-jwwc

<2.11.1-r2
  • M
Cross-site Request Forgery (CSRF)

<2.11.1-r2
  • L
GHSA-2jcg-qqmg-46q6

<2.11.1-r2
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<2.11.1-r2
  • M
Open Redirect

<2.11.1-r2