{"package":"github.com/elastic/beats/v7","ecosystem":"go","latest_version":"v7.17.29","description":":tropical_fish: Beats - Lightweight shippers for Elasticsearch & Logstash","license":"BSD-3-Clause","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://pkg.go.dev/github.com/elastic/beats/v7","repository":"https://github.com/elastic/beats/v7","downloads_weekly":12612,"health":{"score":52,"risk":"high","breakdown":{"maintenance":10,"popularity":10,"security":12,"maturity":15,"community":5},"deprecated":false,"max_score":100},"vulnerabilities":{"count":10,"critical":0,"high":1,"medium":4,"low":5,"details":[{"vuln_id":"CVE-2026-26933","severity":"medium","summary":"Packetbeat does not properly validate an array index in multiple protocol parser components","affected_versions":"<7.0.0-alpha2.0.20260126223743-dec1b31111ec","fixed_version":"7.0.0-alpha2.0.20260126223743-dec1b31111ec","source":"osv","published_at":"2026-03-19T18:31:19Z","in_kev":false,"epss_prob":8e-05,"epss_percentile":0.00713,"threat_tier":"theoretical"},{"vuln_id":"CVE-2025-68383","severity":"medium","summary":"Filebeat Beats has Buffer Overflow via Malformed Syslog Message or Malicious Tokenizer Pattern in Dissect Configuration","affected_versions":">=7.7.0,<8.19.9|>=9.0.0,<9.1.9|>=9.2.0,<9.2.3|<7.0.0-alpha2.0.20251204214633-dd3af18220bf|<=7.6.2","fixed_version":"7.0.0-alpha2.0.20251204214633-dd3af18220bf","source":"osv","published_at":"2025-12-19T00:31:42Z","in_kev":false,"epss_prob":0.00067,"epss_percentile":0.20406,"threat_tier":"theoretical"},{"vuln_id":"CVE-2026-26931","severity":"medium","summary":"Metricbeat Allocates Memory with Excessive Size Value Leading to Denial of Service","affected_versions":"<7.0.0-alpha2.0.20260112100137-de072c4e371e","fixed_version":"7.0.0-alpha2.0.20260112100137-de072c4e371e","source":"osv","published_at":"2026-03-19T18:31:18Z","in_kev":false,"epss_prob":0.00022,"epss_percentile":0.06034,"threat_tier":"theoretical"},{"vuln_id":"CVE-2025-68388","severity":"high","summary":"Elasticsearch Packetbeat has Excessive Allocation of Memory and CPU via Malicious IPv4 Fragments","affected_versions":">=8.6.0,<8.19.9|>=9.0.0,<9.1.9|>=9.2.0,<9.2.3|<7.0.0-alpha2.0.20251209162832-28cfc80d2f4e","fixed_version":"7.0.0-alpha2.0.20251209162832-28cfc80d2f4e","source":"osv","published_at":"2025-12-19T00:31:42Z","in_kev":false,"epss_prob":0.00152,"epss_percentile":0.35479,"threat_tier":"theoretical"},{"vuln_id":"CVE-2026-0528","severity":"medium","summary":"Metricbeat affected by multiple denial of service vulnerabilities","affected_versions":"<7.0.0-alpha2.0.20251217054608-6e42552a23ce|>=8.0.0,<8.19.10|>=9.0.0,<9.1.10|>=9.2.0,<9.2.4","fixed_version":"9.2.4","source":"osv","published_at":"2026-01-13T21:31:46Z","in_kev":false,"epss_prob":0.00053,"epss_percentile":0.1645,"threat_tier":"theoretical"},{"vuln_id":"CVE-2025-68383","severity":"unknown","summary":"Buffer Overflow via Malformed Syslog Message or Malicious Tokenizer Pattern in github.com/elastic/beats","affected_versions":">=7.7.0,<7.0.0-alpha2.0.20251204214633-dd3af18220bf","fixed_version":"7.0.0-alpha2.0.20251204214633-dd3af18220bf","source":"osv","published_at":"2026-01-23T02:28:11Z","in_kev":false,"epss_prob":0.00067,"epss_percentile":0.20406,"threat_tier":"theoretical"},{"vuln_id":"CVE-2025-68388","severity":"unknown","summary":"Elasticsearch Packetbeat has Excessive Allocation of Memory and CPU via Malicious IPv4 Fragments in github.com/elastic/beats","affected_versions":"<7.0.0-alpha2.0.20251209162832-28cfc80d2f4e","fixed_version":"7.0.0-alpha2.0.20251209162832-28cfc80d2f4e","source":"osv","published_at":"2026-01-23T02:28:11Z","in_kev":false,"epss_prob":0.00152,"epss_percentile":0.35479,"threat_tier":"theoretical"},{"vuln_id":"CVE-2026-0528","severity":"unknown","summary":"Metricbeat affected by multiple denial of service vulnerabilities in github.com/elastic/beats","affected_versions":"<7.0.0-alpha2.0.20251217054608-6e42552a23ce","fixed_version":"7.0.0-alpha2.0.20251217054608-6e42552a23ce","source":"osv","published_at":"2026-03-10T18:28:01Z","in_kev":false,"epss_prob":0.00053,"epss_percentile":0.1645,"threat_tier":"theoretical"},{"vuln_id":"CVE-2026-26933","severity":"unknown","summary":"Packetbeat does not properly validate an array index in multiple protocol parser components in github.com/elastic/beats","affected_versions":"<7.0.0-alpha2.0.20260126223743-dec1b31111ec","fixed_version":"7.0.0-alpha2.0.20260126223743-dec1b31111ec","source":"osv","published_at":"2026-04-07T14:58:41Z","in_kev":false,"epss_prob":8e-05,"epss_percentile":0.00713,"threat_tier":"theoretical"},{"vuln_id":"CVE-2026-26931","severity":"unknown","summary":"Metricbeat Allocates Memory with Excessive Size Value Leading to Denial of Service in github.com/elastic/beats","affected_versions":"<7.0.0-alpha2.0.20260112100137-de072c4e371e","fixed_version":"7.0.0-alpha2.0.20260112100137-de072c4e371e","source":"osv","published_at":"2026-04-07T14:58:41Z","in_kev":false,"epss_prob":0.00022,"epss_percentile":0.06034,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"v7.17.29","total_count":84,"recent":["v7.0.0-rc1","v7.17.17","v7.10.0","v7.15.0","v7.17.14","v7.11.1","v7.17.28","v7.5.1","v7.11.2","v7.1.1","v7.0.0-rc2","v7.17.5","v7.9.0","v7.4.2","v7.7.1","v7.17.1","v7.17.24","v7.11.0","v7.17.23","v7.13.2"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":928,"first_published":null,"last_published":"2025-06-18T16:13:39Z","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"update_required","issues":["1 high severity vulnerabilities"],"use_version":"v7.17.29","version_hint":"Update to >= 7.0.0-alpha2.0.20260112100137-de072c4e371e to fix known vulnerabilities","summary":"github.com/elastic/beats/v7@v7.17.29 has vulnerabilities — update to latest"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":1083,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":20,"first_release_age_days":null,"last_release_days_ago":315,"avg_days_between_releases":null,"release_velocity":"moderate"}}