org.elasticsearch:elasticsearch vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.elasticsearch:elasticsearch package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Allocation of Resources Without Limits or Throttling	[7.0.0-alpha1,8.19.8)[9.0.0-beta1,9.1.8)[9.2.0,9.2.2)
M Insertion of Sensitive Information into Log File	[,8.18.8)[8.19.0,8.19.5)[9.0.0-beta1,9.0.8)[9.1.0,9.1.5)
H Denial of Service (DoS)	[,7.17.25)[8.0.0-alpha1,8.16.0)
M Incorrect Authorization	[8.16.0,8.16.2)
M Missing Encryption of Sensitive Data	[,7.17.23)[8.0.0-alpha1,8.13.0)
M Stack-based Buffer Overflow	[8.13.1,8.14.0)
M Incorrect Authorization	[8.10.0,8.13.0)
M Uncontrolled Recursion	[,7.17.19)[8.0.0-alpha1,8.13.0)
M Insertion of Sensitive Information into Log File	[7.0.0,7.17.16)[8.0.0,8.11.2)
H Improper Handling of Exceptional Conditions	[7.0.0,7.17.14)[8.0.0,8.10.3)
H Uncontrolled Resource Consumption ('Resource Exhaustion')	[,7.17.13)[8.0.0,8.9.0)
M Stack-based Buffer Overflow	[7.0.0,7.17.13)[8.0.0,8.9.1)
H Denial of Service (DoS)	[8.0.0,8.2.1)
M Cross-site Scripting (XSS)	[,7.17.1)[8.0.0,8.0.1)
L Missing Authorization	[,7.17.1)[8.0.0,8.0.1)
M Privilege Escalation	[7.16.0,7.17.1)
M Information Exposure	[7.10.0,7.13.4)
M Improper Access Control	[7.11.0,7.14.0)
M Denial of Service (DoS)	[7.0.0,7.13.3)[,6.8.17)
M Information Disclosure	[7.0.0,7.11.2)[,6.8.15)
L Information Disclosure	[7.0.0,7.11.2)[,6.8.15)
L Information Exposure	[7.6.0,7.11.0)
L Information Disclosure	[,6.8.14)[7.0.0-alpha1,7.10.0)
M Information Disclosure	[7.7.0,7.10.2)
L Information Exposure	[0,6.8.13)[7.0.0,7.9.2)
H Privilege Escalation	[6.7.0,6.8.8)[7.0.0,7.6.2)
H Privilege Escalation	[6.7.0,6.8.8)[7.0.0,7.6.2)
M Arbitrary Code Execution	[,1.2.0)
L Information Exposure	[7.0.0,7.4.0)[6.0.0,6.8.4)
H Information Exposure	[6.0.0,6.3.0)
H Information Exposure	[5.6.0,5.6.12)[6.0.0,6.4.1)
M Information Exposure	[6.4.0,6.4.3)
M XML External Entity (XXE) Injection	[6.5.0,6.5.2)
H Privilege Escalation	[,5.6.15)[6.0.0,6.6.1)
M Race Condition	[,6.8.2)[7.0.0,7.2.1)
M Information Exposure	[6.0.0,6.3.0)
M Cross-site Scripting (XSS)	[,1.4.0.Beta1)
M Directory Traversal	[,1.4.5)[1.5.0,1.5.2)
C Arbitrary Code Execution	[,1.6.1)
M Directory Traversal	[,1.6.1)
H Arbitrary Code Execution	[,1.6.0)
H Improper Access Control	[0.6.0,1.3.8)[1.4.0,1.4.3)

Vulnerability

Vulnerable Version

Allocation of Resources Without Limits or Throttling

[7.0.0-alpha1,8.19.8)[9.0.0-beta1,9.1.8)[9.2.0,9.2.2)

Insertion of Sensitive Information into Log File

[,8.18.8)[8.19.0,8.19.5)[9.0.0-beta1,9.0.8)[9.1.0,9.1.5)

Denial of Service (DoS)

[,7.17.25)[8.0.0-alpha1,8.16.0)

Incorrect Authorization

[8.16.0,8.16.2)

Missing Encryption of Sensitive Data

[,7.17.23)[8.0.0-alpha1,8.13.0)

Stack-based Buffer Overflow

[8.13.1,8.14.0)

Incorrect Authorization

[8.10.0,8.13.0)

Uncontrolled Recursion

[,7.17.19)[8.0.0-alpha1,8.13.0)

Insertion of Sensitive Information into Log File

[7.0.0,7.17.16)[8.0.0,8.11.2)

Improper Handling of Exceptional Conditions

[7.0.0,7.17.14)[8.0.0,8.10.3)

Uncontrolled Resource Consumption ('Resource Exhaustion')

[,7.17.13)[8.0.0,8.9.0)

Stack-based Buffer Overflow

[7.0.0,7.17.13)[8.0.0,8.9.1)

Denial of Service (DoS)

[8.0.0,8.2.1)

Cross-site Scripting (XSS)

[,7.17.1)[8.0.0,8.0.1)

Missing Authorization

[,7.17.1)[8.0.0,8.0.1)

Privilege Escalation

[7.16.0,7.17.1)

Information Exposure

[7.10.0,7.13.4)

Improper Access Control

[7.11.0,7.14.0)

Denial of Service (DoS)

[7.0.0,7.13.3)[,6.8.17)

Information Disclosure

[7.0.0,7.11.2)[,6.8.15)

Information Disclosure

[7.0.0,7.11.2)[,6.8.15)

Information Exposure

[7.6.0,7.11.0)

Information Disclosure

[,6.8.14)[7.0.0-alpha1,7.10.0)

Information Disclosure

[7.7.0,7.10.2)

Information Exposure

[0,6.8.13)[7.0.0,7.9.2)

Privilege Escalation

[6.7.0,6.8.8)[7.0.0,7.6.2)

Privilege Escalation

[6.7.0,6.8.8)[7.0.0,7.6.2)

Arbitrary Code Execution

[,1.2.0)

Information Exposure

[7.0.0,7.4.0)[6.0.0,6.8.4)

Information Exposure

[6.0.0,6.3.0)

Information Exposure

[5.6.0,5.6.12)[6.0.0,6.4.1)

Information Exposure

[6.4.0,6.4.3)

XML External Entity (XXE) Injection

[6.5.0,6.5.2)

Privilege Escalation

[,5.6.15)[6.0.0,6.6.1)

Race Condition

[,6.8.2)[7.0.0,7.2.1)

Information Exposure

[6.0.0,6.3.0)

Cross-site Scripting (XSS)

[,1.4.0.Beta1)

Directory Traversal

[,1.4.5)[1.5.0,1.5.2)

Arbitrary Code Execution

[,1.6.1)

Directory Traversal

[,1.6.1)

Arbitrary Code Execution

[,1.6.0)

Improper Access Control

[0.6.0,1.3.8)[1.4.0,1.4.3)

Package versions

475 VERSIONS IN TOTAL See all versions

version	published	direct vulnerabilities
9.2.4	13 Jan, 2026	0 C 0 H 0 M 0 L
9.2.3	19 Dec, 2025	0 C 0 H 0 M 0 L
9.2.2	2 Dec, 2025	0 C 0 H 0 M 0 L
9.2.1	12 Nov, 2025	0 C 0 H 1 M 0 L
9.2.0	23 Oct, 2025	0 C 0 H 1 M 0 L
9.1.10	13 Jan, 2026	0 C 0 H 0 M 0 L
9.1.9	19 Dec, 2025	0 C 0 H 0 M 0 L
9.1.8	2 Dec, 2025	0 C 0 H 0 M 0 L
9.1.7	12 Nov, 2025	0 C 0 H 1 M 0 L
9.1.6	23 Oct, 2025	0 C 0 H 1 M 0 L