org.graylog2:graylog2-server vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2025-53106Highorg.graylog2:graylog2-server: Graylog vulnerable to privilege escalation through API tokensCVE-2025-46827Highorg.graylog2:graylog2-server: Graylog Allows Session Takeover via Insufficient HTML SanitizationGHSA-Q9Q2-3PPX-MWQFHighorg.graylog2:graylog2-server: Graylog Allows Stored Cross-Site Scripting via Files Plugin and API BrowserCVE-2025-30373Mediumorg.graylog2:graylog2-server: Graylog's Authenticated HTTP inputs ingest message even if Authorization header is missing or has wrong valueCVE-2024-24823Mediumorg.graylog2:graylog2-server: Graylog session fixation vulnerability through cookie injectionCVE-2024-24824Highorg.graylog2:graylog2-server: Graylog vulnerable to instantiation of arbitrary classes triggered by API requestCVE-2023-41044Loworg.graylog2:graylog2-server: Graylog server has partial path traversal vulnerability in Support Bundle featureCVE-2023-41045Loworg.graylog2:graylog2-server: Graylog vulnerable to insecure source port usage for DNS queriesCVE-2023-41041Loworg.graylog2:graylog2-server: Graylog user session is still usable after logoutCVE-2018-11651Mediumorg.graylog2:graylog2-server: Cross-site Scripting in GraylogCVE-2018-11650Mediumorg.graylog2:graylog2-server: Cross-site Scripting in Graylog ServerCVE-2018-14380Mediumorg.graylog2:graylog2-server: Cross-site Scripting in Graylog Server

Stop the waste.
Protect your environment with Kodem.