| SGSA 23 | | 2026-03-31 | The audit logging feature might log the credentials of users logging in to Kibana | Update or disable request-body logging, either globally (searchguard.audit.log_request_body: false) or specifically (searchguard.audit.ignore_request_bodies: ["/_searchguard/auth/session"]) | FLX4.1.0 | floragunn |
| SGSA 22 | | 2026-03-31 | There exists an issue which allows users without the necessary privileges to execute some management operations against data streams | Update or configure indices:admin/data_stream/modify as an admin-only action | FLX4.1.0 | floragunn |
| SGSA 21 | | 2026-03-31 | It is possible to use specially crafted requests to redirect the user to an untrusted URL | Update | FLX4.1.0 | floragunn |
| SGSA 20 | | 2025-12-01 | When enterprise modules are disabled, there exists an issue which allows authenticated users to use specially crafted requests to read documents from data streams without having the respective privileges. | Update | FLX4.0.1 | floragunn |
| SGSA 19 | | 2025-11-14 | When a search is initiated from a Signals watch, DLS rules may not be properly enforced, resulting in access to protected documents within the queried indices. | Update | FLX3.1.3 | floragunn |
| SGSA 18 | | 2025-10-29 | When field masking (FM) is applied on fields of type IP, the document can still be searched using that IP field | Update | FLX3.1.2 | floragunn |
| SGSA 17 | | 2025-10-29 | When field level security (FLS) is applied on fields that hold objects, the member attribute of that object remains available to search queries | Update | FLX3.1.2 | floragunn |
| SGSA 16 | | 2019-03-19 | When Cross Cluster Search (CCS) is enabled, authenticated users can gain read access to data they are not authorized to see | Update | 6.x-24.3 | floragunn |
| SGSA 15 | | 2018-12-13 | Field caps and mapping API leak field names (not values) for fields which are not allowed for the user because FLS was activated | Update | 6.x-24.0 | floragunn |
| SGSA 14 | | 2018-12-13 | Values of string arrays in data are not properly anonymized | Update | 6.x-24.0 | floragunn |
| SGSA 13 | | 2018-03-19 | Possible URL injection on login page when basePath is set | Update | Kibana plugin 6.x-16 | floragunn |
| SGSA 12 | | 2018-08-24 | REST API leaks password hashes (not cleartext) for the users endpoint | Update | 6.x-23.1 | Thorsten Lutz, SySS GmbH |
| SGSA 11 | | 2018-09-14 | For aggregations, cleartext values of anonymized fields were leaked | Update | 6.x-23.1 | floragunn |
| SGSA 10 | | 2018-01-18 | Password dependent timing side channel in AuthCredentials | Update | 6.x-21.0 | @madblobfish |
| SGSA 9 | | 2018-04-09 | A Kibana user could impersonate the kibanaserver user when providing wrong credentials | Update | Kibana Plugin 5.6.8-7 and Kibana Plugin 6.x-12 | Guy Moller |
| SGSA 8 | | 2018-04-04 | Redirect and XSS vulnerability in Kibana plugin | Update | Kibana Plugin 5.6.8-7 and Kibana Plugin 6.x-12 | Vineet Kumar |
| SGSA 7 | n/a | 2017-08-10 | DLS/FLS leaks information when the multitenancy module is installed and “do not fail on forbidden” is activated | Update or deactivate “do not fail on forbidden” | SG v15 | Guy Moller |
| SGSA 6 | n/a | 2017-02-13 | FLS/DLS not working for regex index patterns | Update or avoid regex patterns | SG v11 and DLS/FLS module v6 | Guy Moller |
| SGSA 5 | n/a | 2017-01-13 | Audit log does not log all security-relevant events | Update | SG V10 | Guy Moller |
| SGSA 4 | n/a | 2017-01-05 | FLS/DLS not working for index patterns | Update | SG v10 and DLS/FLS module v5 | Matej Zerovnik |
| SGSA 3 | n/a | 2016-11-27 | Wrong permissions resolution for certain index/type combinations | Update | 6.x-23.1 | Lucas Bremgartner |
| SGSA 2 | n/a | 2016-11-25 | DLS not picked up when getting documents by ID | Update | SG v9 and DLS/FLS module v5 | Fabio Corneti |
| SGSA 1 | n/a | 2016-07-28 | Authentication cache leads to password hashcode vulnerability | Update | SG V4 | Vladimir Gordiychuk |