✅ Check your installed version
All known vulnerabilities
HIGH8.1CVE-2014-3120⚠ KEVElasticsearch Improper Access Control vulnerability from 0, < 1.4.0.Beta1
from 0, < 1.3.8
HIGH8.8CVE-2020-7009Improper Privilege Management in Elasticsearch >= 6.7.0, < 6.8.8
HIGH8.8CVE-2018-3831Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch >= 5.6.0, < 5.6.12
>= 6.7.0, < 6.8.8
from 0, < 5.6.15
HIGH7.5CVE-2023-31418Elasticsearch vulnerable to Uncontrolled Resource Consumption from 0, < 7.17.13
HIGH7.5CVE-2022-23712Improper Check for Unusual or Exceptional Conditions in Elasticsearch >= 8.0.0, < 8.2.1
from 0, < 1.6.0
MEDIUM6.8CVE-2025-37731Elasticsearch PKI Realm Authentication Bypass Vulnerability Allows User Impersonation Through Crafted Client Certificates >= 7.0.0-alpha1, < 8.19.8
MEDIUM6.5CVE-2024-52979Elasticsearch Uncontrolled Resource Consumption vulnerability from 0, < 7.17.25
MEDIUM6.5CVE-2024-52980Elasticsearch Potential Node Crash due to Large Recursion in `innerForbidCircularReferences` Function >= 7.17.0, < 8.15.1
MEDIUM6.5CVE-2024-43709Elasticsearch allocation of resources without limits or throttling leads to crash from 0, < 7.17.21
MEDIUM6.5CVE-2023-46673Elasticsearch Improper Handling of Exceptional Conditions >= 7.0.0, < 7.17.14
>= 7.0.0, < 7.17.13
MEDIUM6.5CVE-2020-7019Improper privilege management in elasticsearch >= 7.0.0, < 7.9.0
MEDIUM6.5CVE-2018-17244Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch >= 6.4.0, < 6.4.3
MEDIUM6.5CVE-2021-22147Exposure of sensitive information in Elasticsearch >= 7.11.0, < 7.14.0
MEDIUM6.1CVE-2018-3824Elasticsearch subject to cross site scripting from 0, < 5.6.9
MEDIUM5.9CVE-2019-7614Concurrent Execution using Shared Resource with Improper Synchronization in Elasticsearch from 0, < 6.8.2
MEDIUM5.9CVE-2018-17247Improper Restriction of XML External Entity Reference in Elasticsearch >= 6.5.0, < 6.5.2
MEDIUM5.7CVE-2025-37727Elasticsearch: Insertion of Sensitive Information into Log File via reindex API >= 7.0.0, < 8.18.8
from 0, < 6.8.17
MEDIUM5.3CVE-2021-22137Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch >= 7.11.0, < 7.11.2
MEDIUM5.3CVE-2019-7619Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch >= 6.7.0, < 6.8.4
MEDIUM5.3CVE-2021-22135API information disclosure flaw in Elasticsearch >= 7.0.0, < 7.11.2
MEDIUM5.2CVE-2023-49921Elasticsearch Insertion of Sensitive Information into Log File from 0, < 7.17.16
MEDIUM4.9CVE-2024-52981Elasticsearch Vulnerable to Stack Overflow due to a Large Recursion >= 7.17.0, < 7.17.24
MEDIUM4.9CVE-2024-23444Elasticsearch stores private key on disk unencrypted >= 8.0.0-alpha1, < 8.13.0
>= 8.13.1, < 8.14.0
MEDIUM4.9CVE-2024-23450Elasticsearch Uncontrolled Resource Consumption vulnerability >= 7.0.0, < 7.17.19
MEDIUM4.9CVE-2020-7021Insertion of Sensitive Information into Log File in Elasticsearch from 0, < 6.8.14
MEDIUM4.8CVE-2021-22132Insufficiently Protected Credentials in Elasticsearch >= 7.7.0, < 7.10.2
MEDIUM4.4CVE-2024-23451Elasticsearch Incorrect Authorization vulnerability >= 8.10.0, < 8.13.0
MEDIUM4.3CVE-2024-23449Elasticsearch Uncaught Exception leading to crash >= 8.4.0, < 8.11.1
>= 7.16.0, < 7.17.1
MEDIUM4.3CVE-2021-22134Exposure of Sensitive Information to an Unauthorized Actor >= 7.6.0, < 7.11.0
MEDIUM4.1CVE-2023-31417Elasticsearch Insertion of sensitive information in audit logs >= 7.0.0, < 7.17.13
LOW3.1CVE-2020-7020Privilege Context Switching Error in Elasticsearch from 0, < 6.8.13
>= 8.16.0, < 8.16.2
from 0, < 1.4.5
from 0, < 1.4.0.Beta1
—CVE-2015-5531Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch from 0, < 1.6.1