FLAT-I5W9Y (MAL-2026-4956)
Use of software with malware In @cloudplatform-single-spa/opensearch
5.2
Medium
Ecosystem: Npm
Package: @cloudplatform-single-spa/opensearch
FLAT-XNT03 (GHSA-27f5-xjrr-q9ff)
Use of software with malware In @opensearch-project/opensearch
9.1
Critical
Ecosystem: Npm
Package: @opensearch-project/opensearch
FLAT-6PIT6 (MAL-2026-3434)
Use of software with malware In @opensearch-project/opensearch
5.2
Medium
Ecosystem: Npm
Package: @opensearch-project/opensearch
FLAT-2EAZY (CVE-2026-43826)
Sensitive information stored in logs In apache-airflow-providers-opensearch
4.2
Medium
Ecosystem: PyPI
Package: apache-airflow-providers-opensearch
FLAT-ETYBG (GHSA-x5hg-x4gv-j98m)
Insecure digital certificates In org.opensearch.plugin:opensearch-security
3.7
Low
Ecosystem: Maven
Package: org.opensearch.plugin:opensearch-security
FLAT-GLVF7 (GHSA-x83w-23jp-g6pw)
Authentication mechanism absence or evasion In org.opensearch.plugin:opensearch-security
2.3
Low
Ecosystem: Maven
Package: org.opensearch.plugin:opensearch-security
FLAT-YHHAK (GHSA-22vx-2x23-98w6)
Authentication mechanism absence or evasion In org.opensearch.plugin:opensearch-security
0.5
Low
Ecosystem: Maven
Package: org.opensearch.plugin:opensearch-security
FLAT-7PJD9 (GHSA-83x9-vc3c-hghc)
Authentication mechanism absence or evasion In org.opensearch.plugin:opensearch-security
1.7
Low
Ecosystem: Maven
Package: org.opensearch.plugin:opensearch-security
FLAT-ONTP2 (CVE-2025-9624)
Improper resource allocation In org.opensearch:opensearch-common
5.7
Medium
Ecosystem: Maven
Package: org.opensearch:opensearch-common
FLAT-3IC0A (GHSA-3xgr-h5hq-7299)
Insecure digital certificates In org.opensearch.dataprepper.plugins:geoip-processor
4.6
Medium
Ecosystem: Maven
Package: org.opensearch.dataprepper.plugins:geoip-processor
FLAT-QEFWJ (GHSA-28gg-8qqj-fhh5)
Insecure digital certificates In org.opensearch.dataprepper.plugins:geoip-processor
1.7
Low
Ecosystem: Maven
Package: org.opensearch.dataprepper.plugins:geoip-processor
FLAT-6BJQH (CVE-2025-62371)
Insecure digital certificates In org.opensearch.dataprepper.plugins:opensearch
6.9
Medium
Ecosystem: Maven
Package: org.opensearch.dataprepper.plugins:opensearch
FLAT-HNCZR (MAL-2025-9145)
Use of software with malware In @opensearch/datemath
5.2
Medium
Ecosystem: Npm
Package: @opensearch/datemath
FLAT-EZ175 (MAL-2025-28332)
Use of software with malware In opensearch-console-server
5.2
Medium
Ecosystem: Npm
Package: opensearch-console-server
FLAT-LWNYS (GHSA-2rjv-cv85-xhgm)
Unauthorized access to screen In org.opensearch.plugin:opensearch-security
4.6
Medium
Ecosystem: Maven
Package: org.opensearch.plugin:opensearch-security
FLAT-NX9MA (GHSA-rrmm-wq7q-h4v5)
Business information leak In org.opensearch.plugin:opensearch-security
4.3
Medium
Ecosystem: Maven
Package: org.opensearch.plugin:opensearch-security
FLAT-N0Y9C (MAL-2025-4860)
Use of software with malware In opensearch-with-grafana-lambdas
5.2
Medium
Ecosystem: Npm
Package: opensearch-with-grafana-lambdas
FLAT-VMME7 (CVE-2024-39900)
Improper authorization control for web services In org.opensearch.plugin:opensearch-reports-scheduler
1.3
Low
Ecosystem: Maven
Package: org.opensearch.plugin:opensearch-reports-scheduler
FLAT-OGAX4 (CVE-2024-39901)
Improper authorization control for web services In org.opensearch.plugin:opensearch-observability
0.6
Low
Ecosystem: Maven
Package: org.opensearch.plugin:opensearch-observability
FLAT-TAUN1 (GHSA-6g3j-p5g6-992f)
Improper resource allocation In org.opensearch:opensearch
4.9
Medium
Ecosystem: Maven
Package: org.opensearch:opensearch
FLAT-X8TDX (CVE-2023-45807)
Excessive privileges In org.opensearch.plugin:opensearch-security
1.3
Low
Ecosystem: Maven
Package: org.opensearch.plugin:opensearch-security
FLAT-2CYIL (GHSA-8wx3-324g-w4qq)
Asymmetric denial of service In org.opensearch.plugin:opensearch-security
6.6
Medium
Ecosystem: Maven
Package: org.opensearch.plugin:opensearch-security
FLAT-31YFO (CVE-2023-31141)
Authentication mechanism absence or evasion In org.opensearch.plugin:opensearch-security
4.6
Medium
Ecosystem: Maven
Package: org.opensearch.plugin:opensearch-security
FLAT-0AO1G (CVE-2022-41918)
Authentication mechanism absence or evasion In org.opensearch.plugin:opensearch-security
1.3
Low
Ecosystem: Maven
Package: org.opensearch.plugin:opensearch-security
FLAT-D0GDS (CVE-2023-25806)
User enumeration In org.opensearch.plugin:opensearch-security
2.7
Low
Ecosystem: Maven
Package: org.opensearch.plugin:opensearch-security
FLAT-WV8X7 (CVE-2023-23933)
Out-of-bounds read In opensearch
1.3
Low
Ecosystem: RubyGems
Package: opensearch
FLAT-1JW3Y (CVE-2023-23613)
Business information leak In org.opensearch.plugin:opensearch-security
4.6
Medium
Ecosystem: Maven
Package: org.opensearch.plugin:opensearch-security
FLAT-2ECQT (CVE-2023-23612)
Improper authorization control for web services In org.opensearch.plugin:opensearch-security
5.2
Medium
Ecosystem: Maven
Package: org.opensearch.plugin:opensearch-security
FLAT-GH3CH (CVE-2022-41917)
Insecure deserialization In opensearch
1.3
Low
Ecosystem: RubyGems
Package: opensearch
FLAT-GLJ51 (CVE-2022-35980)
Missing subresource integrity check In org.opensearch.plugin:opensearch-security
6.6
Medium
Ecosystem: Maven
Package: org.opensearch.plugin:opensearch-security
FLAT-42GG7 (CVE-2022-31115)
Insecure deserialization In opensearch-ruby
6.3
Medium
Ecosystem: RubyGems
Package: opensearch-ruby
FLAT-U2U10 (CVE-2021-44833)
Excessive privileges In github.com/opensearch-project/opensearch-cli
9.1
Critical
Ecosystem: Go
Package: github.com/opensearch-project/opensearch-cli