Opensearch

Products by Opensearch Sorted by Most Security Vulnerabilities since 2018

Opensearch Observability: 2 vulnerabilities

Opensearch: 2 vulnerabilities

By the Year

In 2026 there have been 0 vulnerabilities in Opensearch. Last year, in 2025, Opensearch had 1 security vulnerability published. Right now, Opensearch is on track to have fewer security vulnerabilities in 2026 than it did last year.

Year Vulnerabilities Average Score
2026 0 0.00
2025 1 0.00
2024 2 5.40
2023 0 0.00
2022 1 8.80

It may take a day or so for new Opensearch vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Opensearch Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2025-9624 Nov 25, 2025
OpenSearch DoS via query_string Before v3.2
A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex query_string inputs. This issue affects all OpenSearch versions between 3.0.0 and < 3.3.0 and OpenSearch < 2.19.4.
Opensearch
CVE-2024-39901 Jul 09, 2024
OpenSearch Observability Plugin Data Leak <2.14
OpenSearch Observability is a collection of plugins and applications that visualize data-driven events. An issue in the OpenSearch observability plugins allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when accessing resources in a private tenant, leading to potential data being revealed. The patches are included in OpenSearch 2.14.
Observability
CVE-2024-39900 Jul 09, 2024
OpenSearch Dashboards Reports Unchecked Tenant Access (2.13)
OpenSearch Dashboards Reports allows the Report Owner to export and share reports from OpenSearch Dashboards. An issue in the OpenSearch reporting plugin allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when accessing resources in a private tenant, leading to potential data being revealed. The patches are included in OpenSearch 2.14.
Observability
CVE-2022-31115 Jun 30, 2022
opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the Ruby `YAML.load` function was used instead of `YAML.safe_load`. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using `YAML.load` if the response is of type YAML. An attacker must be in control of an opensearch server and convince the victim to connect to it in order to exploit this vulnerability. The problem has been patched in opensearch-ruby gem version 2.0.1. Users are advised to upgrade. There are no known workarounds for this issue.
Opensearch
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).