CRITICAL9.8CVE-2024-4323Fluent Bit Memory Corruption Vulnerability >= 2.0.7, < 3.0.4
CRITICAL9.8CVE-2021-36088Fluent Bit (aka fluent-bit) 1.7.0 through 1.7.4 has a double free in flb_free (called from flb_parser_json_do and flb_parser_do). >= 1.7.0, < 1.7.5
>= 4.1.0, < 4.1.1
HIGH8.8CVE-2025-12970
>= 4.1.0, < 4.1.1
HIGH7.8flb_gzip_compress in flb_gzip.c in Fluent Bit before 1.6.4 has an out-of-bounds write because it does not use the correct calculation of th…
from 0, < 1.6.4
HIGH7.8An issue was discovered in Treasure Data Fluent Bit 1.7.1, erroneous parsing in flb_pack_msgpack_to_json_format leads to type confusion bug…
>= 1.7.1, < 1.7.2
HIGH7.8An issue was discovered in Treasure Data Fluent Bit 1.7.1, a wrong variable is used to get the msgpack data resulting in a heap overflow in…
>= 1.7.1, < 1.7.2
HIGH7.5fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bit/plugins/custom_calyptia/calyptia.c.
>= 2.2.2, < 2.2.3
HIGH7.5An issue was discovered in Fluent Bit 3.1.9.
>= 3.1.9, < 3.1.10
HIGH7.5An issue was discovered in Fluent Bit 3.1.9.
>= 3.1.9, < 3.1.10
HIGH7.5In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be caused via an invalid HTTP payload with the content type of x-www-form…
>= 2.1.8, < 2.2.2
HIGH7.5Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc return value is not validated by flb_avro.c or http_server/api/v1/metri…
>= 1.6.10, < 1.6.11
MEDIUM6.5CVE-2025-12969
>= 4.1.0, < 4.1.1
MEDIUM5.5An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.
from 0
MEDIUM5.5An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.
from 0
MEDIUM5.4CVE-2025-12978
>= 4.1.0, < 4.1.1
MEDIUM5.3CVE-2025-12972
>= 4.1.0, < 4.1.1