github.com/elastic/beats (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/elastic/beats, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2017-11480 — CVSS 7.5 (high): Packetbeat versions prior to 5.6.4 are affected by a denial of service flaw in the PostgreSQL protocol handler. If Packetbeat is listening…
CVE-2023-49922 — CVSS 6.8 (medium): An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if…
CVE-2025-68383 — CVSS 6.5 (medium): Improper Validation of Specified Index, Position, or Offset in Input (CWE-1285) in Filebeat Syslog parser and the Libbeat Dissect processor…
CVE-2026-0528 — CVSS 6.5 (medium): Improper Validation of Array Index (CWE-129) exists in Metricbeat can allow an attacker to cause a Denial of Service through Input Data…
CVE-2026-26933 — CVSS 5.7 (medium): Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data…
CVE-2026-26931 — CVSS 5.7 (medium): Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remote_write HTTP handler in Metricbeat can lead Denial of Service…
CVE-2025-68388 — CVSS 5.3 (medium): Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation…