Is github.com/elastic/beats safe to use?

github.com/elastic/beats has 6 known vulnerabilities on the latest version (v6.8.23+incompatible). DepScope rates its health at 48/100 (high risk).

What is the latest version of github.com/elastic/beats?

The latest version of github.com/elastic/beats is v6.8.23+incompatible, released 2022-01-04.

Does github.com/elastic/beats have known vulnerabilities?

Yes. github.com/elastic/beats has 6 known vulnerabilities. See depscope.dev/pkg/go/github.com/elastic/beats for details.

Is github.com/elastic/beats deprecated?

No, github.com/elastic/beats is actively maintained. Latest release: v6.8.23+incompatible (2022-01-04).

What are alternatives to github.com/elastic/beats?

DepScope has no curated alternatives for github.com/elastic/beats at this time.

What license does github.com/elastic/beats use?

github.com/elastic/beats is licensed under Apache-2.0.

github.com/elastic/beats

govv6.8.23+incompatible

:tropical_fish: Beats - Lightweight shippers for Elasticsearch & Logstash

License Apache-2.0permissive157 versions928 maintainers0 deps12,612 weekly dl

elastic/beats

/ 100

Health

update required

github.com/elastic/[email protected]+incompatible has vulnerabilities — update to latest

Update to >= 7.0.0-alpha2.0.20260112100137-de072c4e371e to fix known vulnerabilities

1 high severity vulnerabilities

Health breakdown0 – 100

0/25

maintenance

10/20

popularity

18/25

security

15/15

maturity

5/15

community

Vulnerabilities

1 high1 medium4 low

Advisories (6)

Severity	ID	Summary	Fixed in
medium	CVE-2025-68383	Filebeat Beats has Buffer Overflow via Malformed Syslog Message or Malicious Tokenizer Pattern in Dissect Configuration	7.0.0-alpha2.0.20251204214633-dd3af18220bf
high	CVE-2025-68388	Elasticsearch Packetbeat has Excessive Allocation of Memory and CPU via Malicious IPv4 Fragments	7.0.0-alpha2.0.20251209162832-28cfc80d2f4e
unknown	CVE-2025-68388	Elasticsearch Packetbeat has Excessive Allocation of Memory and CPU via Malicious IPv4 Fragments in github.com/elastic/beats	7.0.0-alpha2.0.20251209162832-28cfc80d2f4e
unknown	CVE-2026-0528	Metricbeat affected by multiple denial of service vulnerabilities in github.com/elastic/beats	7.0.0-alpha2.0.20251217054608-6e42552a23ce
unknown	CVE-2026-26933	Packetbeat does not properly validate an array index in multiple protocol parser components in github.com/elastic/beats	7.0.0-alpha2.0.20260126223743-dec1b31111ec
unknown	CVE-2026-26931	Metricbeat Allocates Memory with Excessive Size Value Leading to Denial of Service in github.com/elastic/beats	7.0.0-alpha2.0.20260112100137-de072c4e371e

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/go/github.com/elastic/beats

Last updated · 2022-01-04T05:58:54Z

Severity

Summary

Fixed in

medium

CVE-2025-68383

Filebeat Beats has Buffer Overflow via Malformed Syslog Message or Malicious Tokenizer Pattern in Dissect Configuration

7.0.0-alpha2.0.20251204214633-dd3af18220bf

high

CVE-2025-68388

Elasticsearch Packetbeat has Excessive Allocation of Memory and CPU via Malicious IPv4 Fragments

7.0.0-alpha2.0.20251209162832-28cfc80d2f4e

unknown

CVE-2025-68388

Elasticsearch Packetbeat has Excessive Allocation of Memory and CPU via Malicious IPv4 Fragments in github.com/elastic/beats

7.0.0-alpha2.0.20251209162832-28cfc80d2f4e

unknown

CVE-2026-0528

Metricbeat affected by multiple denial of service vulnerabilities in github.com/elastic/beats

7.0.0-alpha2.0.20251217054608-6e42552a23ce

unknown

CVE-2026-26933

Packetbeat does not properly validate an array index in multiple protocol parser components in github.com/elastic/beats

7.0.0-alpha2.0.20260126223743-dec1b31111ec

unknown

CVE-2026-26931

Metricbeat Allocates Memory with Excessive Size Value Leading to Denial of Service in github.com/elastic/beats

7.0.0-alpha2.0.20260112100137-de072c4e371e