pkg:Maven/org.graylog2:graylog2-server

All known vulnerabilities

• HIGH8.8CVE-2024-24824Graylog vulnerable to instantiation of arbitrary classes triggered by API request
  >= 2.0.0, < 5.1.11
• HIGH8.0CVE-2025-46827Graylog Allows Session Takeover via Insufficient HTML Sanitization
  from 0, < 6.0.14
• MEDIUM6.5CVE-2025-30373Graylog's Authenticated HTTP inputs ingest message even if Authorization header is missing or has wrong value
  >= 6.1.0, < 6.1.9
• MEDIUM6.1Cross-site Scripting in Graylog
  from 0, < 2.4.4
• MEDIUM6.1Cross-site Scripting in Graylog Server
  from 0, < 2.4.4
• MEDIUM6.1Cross-site Scripting in Graylog Server
  from 0, < 2.4.6
• MEDIUM5.7Graylog session fixation vulnerability through cookie injection
  >= 4.3.0, < 5.1.11
• LOW3.7Graylog vulnerable to insecure source port usage for DNS queries
  >= 5.1.0, < 5.1.3
• LOW3.3Graylog server has partial path traversal vulnerability in Support Bundle feature
  >= 5.1.0, < 5.1.3
• LOW2.6Graylog user session is still usable after logout
  >= 1.0, < 5.0.9
• —Graylog vulnerable to privilege escalation through API tokens
  >= 6.2.0, < 6.2.4