org.elasticsearch:elasticsearch vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.elasticsearch:elasticsearch package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
H Denial of Service (DoS)	[,7.17.25)[8.0.0-alpha1,8.16.0)
M Incorrect Authorization	[8.16.0,8.16.2)
M Missing Encryption of Sensitive Data	[,7.17.23)[8.0.0-alpha1,8.13.0)
M Stack-based Buffer Overflow	[8.13.1,8.14.0)
M Incorrect Authorization	[8.10.0,8.13.0)
M Uncontrolled Recursion	[,7.17.19)[8.0.0-alpha1,8.13.0)
M Insertion of Sensitive Information into Log File	[7.0.0,7.17.16)[8.0.0,8.11.2)
H Improper Handling of Exceptional Conditions	[7.0.0,7.17.14)[8.0.0,8.10.3)
H Uncontrolled Resource Consumption ('Resource Exhaustion')	[,7.17.13)[8.0.0,8.9.0)
M Stack-based Buffer Overflow	[7.0.0,7.17.13)[8.0.0,8.9.1)
H Denial of Service (DoS)	[8.0.0,8.2.1)
M Cross-site Scripting (XSS)	[,7.17.1)[8.0.0,8.0.1)
L Missing Authorization	[,7.17.1)[8.0.0,8.0.1)
M Privilege Escalation	[7.16.0,7.17.1)
M Information Exposure	[7.10.0,7.13.4)
M Improper Access Control	[7.11.0,7.14.0)
M Denial of Service (DoS)	[7.0.0,7.13.3)[,6.8.17)
M Information Disclosure	[7.0.0,7.11.2)[,6.8.15)
L Information Disclosure	[7.0.0,7.11.2)[,6.8.15)
L Information Exposure	[7.6.0,7.11.0)
L Information Disclosure	[,6.8.14)[7.0.0-alpha1,7.10.0)
M Information Disclosure	[7.7.0,7.10.2)
L Information Exposure	[0,6.8.13)[7.0.0,7.9.2)
H Privilege Escalation	[6.7.0,6.8.8)[7.0.0,7.6.2)
H Privilege Escalation	[6.7.0,6.8.8)[7.0.0,7.6.2)
M Arbitrary Code Execution	[,1.2.0)
L Information Exposure	[7.0.0,7.4.0)[6.0.0,6.8.4)
H Information Exposure	[6.0.0,6.3.0)
H Information Exposure	[5.6.0,5.6.12)[6.0.0,6.4.1)
M Information Exposure	[6.4.0,6.4.3)
M XML External Entity (XXE) Injection	[6.5.0,6.5.2)
H Privilege Escalation	[,5.6.15)[6.0.0,6.6.1)
M Race Condition	[,6.8.2)[7.0.0,7.2.1)
M Information Exposure	[6.0.0,6.3.0)
M Cross-site Scripting (XSS)	[,1.4.0.Beta1)
M Directory Traversal	[,1.4.5)[1.5.0,1.5.2)
C Arbitrary Code Execution	[,1.6.1)
M Directory Traversal	[,1.6.1)
H Arbitrary Code Execution	[,1.6.0)
H Improper Access Control	[0.6.0,1.3.8)[1.4.0,1.4.3)

Vulnerability

Vulnerable Version

Denial of Service (DoS)

[,7.17.25)[8.0.0-alpha1,8.16.0)

Incorrect Authorization

[8.16.0,8.16.2)

Missing Encryption of Sensitive Data

[,7.17.23)[8.0.0-alpha1,8.13.0)

Stack-based Buffer Overflow

[8.13.1,8.14.0)

Incorrect Authorization

[8.10.0,8.13.0)

Uncontrolled Recursion

[,7.17.19)[8.0.0-alpha1,8.13.0)

Insertion of Sensitive Information into Log File

[7.0.0,7.17.16)[8.0.0,8.11.2)

Improper Handling of Exceptional Conditions

[7.0.0,7.17.14)[8.0.0,8.10.3)

Uncontrolled Resource Consumption ('Resource Exhaustion')

[,7.17.13)[8.0.0,8.9.0)

Stack-based Buffer Overflow

[7.0.0,7.17.13)[8.0.0,8.9.1)

Denial of Service (DoS)

[8.0.0,8.2.1)

Cross-site Scripting (XSS)

[,7.17.1)[8.0.0,8.0.1)

Missing Authorization

[,7.17.1)[8.0.0,8.0.1)

Privilege Escalation

[7.16.0,7.17.1)

Information Exposure

[7.10.0,7.13.4)

Improper Access Control

[7.11.0,7.14.0)

Denial of Service (DoS)

[7.0.0,7.13.3)[,6.8.17)

Information Disclosure

[7.0.0,7.11.2)[,6.8.15)

Information Disclosure

[7.0.0,7.11.2)[,6.8.15)

Information Exposure

[7.6.0,7.11.0)

Information Disclosure

[,6.8.14)[7.0.0-alpha1,7.10.0)

Information Disclosure

[7.7.0,7.10.2)

Information Exposure

[0,6.8.13)[7.0.0,7.9.2)

Privilege Escalation

[6.7.0,6.8.8)[7.0.0,7.6.2)

Privilege Escalation

[6.7.0,6.8.8)[7.0.0,7.6.2)

Arbitrary Code Execution

[,1.2.0)

Information Exposure

[7.0.0,7.4.0)[6.0.0,6.8.4)

Information Exposure

[6.0.0,6.3.0)

Information Exposure

[5.6.0,5.6.12)[6.0.0,6.4.1)

Information Exposure

[6.4.0,6.4.3)

XML External Entity (XXE) Injection

[6.5.0,6.5.2)

Privilege Escalation

[,5.6.15)[6.0.0,6.6.1)

Race Condition

[,6.8.2)[7.0.0,7.2.1)

Information Exposure

[6.0.0,6.3.0)

Cross-site Scripting (XSS)

[,1.4.0.Beta1)

Directory Traversal

[,1.4.5)[1.5.0,1.5.2)

Arbitrary Code Execution

[,1.6.1)

Directory Traversal

[,1.6.1)

Arbitrary Code Execution

[,1.6.0)

Improper Access Control

[0.6.0,1.3.8)[1.4.0,1.4.3)

Package versions

452 VERSIONS IN TOTAL See all versions

version	published	direct vulnerabilities
9.1.3	28 Aug, 2025	0 C 0 H 0 M 0 L
9.1.2	12 Aug, 2025	0 C 0 H 0 M 0 L
9.1.1	7 Aug, 2025	0 C 0 H 0 M 0 L
9.1.0	29 Jul, 2025	0 C 0 H 0 M 0 L
9.0.6	28 Aug, 2025	0 C 0 H 0 M 0 L
9.0.5	12 Aug, 2025	0 C 0 H 0 M 0 L
9.0.4	22 Jul, 2025	0 C 0 H 0 M 0 L
9.0.3	24 Jun, 2025	0 C 0 H 0 M 0 L
9.0.2	3 Jun, 2025	0 C 0 H 0 M 0 L
9.0.1	6 May, 2025	0 C 0 H 0 M 0 L

org.elasticsearch:elasticsearch vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

How to fix?

Package versions