org.graylog2:graylog2-server (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.graylog2:graylog2-server, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (11)
CVE-2024-24824 — CVSS 8.8 (high): Graylog is a free and open log management platform. Starting in version 2.0.0 and prior to versions 5.1.11 and 5.2.4, arbitrary classes can…
CVE-2025-53106 — CVSS 8.8 (high): Graylog is a free and open log management platform. In versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to before 6.3.0-rc.2, Graylog users…
CVE-2025-46827 — CVSS 8.0 (high): Graylog is a free and open log management platform. Prior to versions 6.0.14, 6.1.10, and 6.2.0, it is possible to obtain user session…
CVE-2025-30373 — CVSS 6.5 (medium): Graylog is a free and open log management platform. Starting with 6.1, HTTP Inputs can be configured to check if a specified header is…
CVE-2018-11650 — CVSS 6.1 (medium): Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js.
CVE-2018-11651 — CVSS 6.1 (medium): Graylog before v2.4.4 has an XSS security issue with unescaped text in dashboard names, related to components/dashboard/Dashboard.jsx…
CVE-2018-14380 — CVSS 6.1 (medium): In Graylog before 2.4.6, XSS was possible in typeahead components, related to components/common/TypeAheadInput.jsx and…
CVE-2024-24823 — CVSS 5.7 (medium): Graylog is a free and open log management platform. Starting in version 4.3.0 and prior to versions 5.1.11 and 5.2.4, reauthenticating with…
CVE-2023-41045 — CVSS 3.7 (low): Graylog is a free and open log management platform. Graylog makes use of only one single source port for DNS queries. Graylog binds a…
CVE-2023-41044 — CVSS 3.3 (low): Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's `Support Bundle` feature…
CVE-2023-41041 — CVSS 2.6 (low): Graylog is a free and open log management platform. In a multi-node Graylog cluster, after a user has explicitly logged out, a user session…