github.com/elastic/beats
Go5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/elastic/beatspage 1 of 1
- CVE-2017-11480HIGHCVSS 7.5EG 7.5✓ Fixed in 6.1.0+incompatible2017-12-08
Packetbeat versions prior to 5.6.4 are affected by a denial of service flaw in the PostgreSQL protocol handler. If Packetbeat is listening for PostgreSQL traffic and a user is able to send arbitrary network traffic to the monitored port, t…
- CVE-2023-49922MEDIUMCVSS 6.5EG 6.8✓ Fixed in 7.17.162023-12-12
An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending …
- CVE-2025-68383MEDIUMCVSS 6.5EG 6.52025-12-18
Improper Validation of Specified Index, Position, or Offset in Input (CWE-1285) in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow (CAPEC-100) and cause a denial of service (panic/cras…
- CVE-2025-68388MEDIUMCVSS 5.3EG 5.32025-12-18
Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation (CAPEC-130) of memory and CPU via the integration of malicious IPv4 fragments, leading to a degradation …
- CVE-2026-0528MEDIUMCVSS 6.5EG 6.52026-01-13
Improper Validation of Array Index (CWE-129) exists in Metricbeat can allow an attacker to cause a Denial of Service through Input Data Manipulation (CAPEC-153) via specially crafted, malformed payloads sent to the Graphite server metricse…
Check whether github.com/elastic/beats is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/elastic/beats CVEs against the assets you own.
Start Free Scan →