Filters
Versions
8.0.0
15
9.0.0
13
9.3.0
8
9.2.0
6
5.0.0
5
7.0.0
5
7.4.0
5
9.4.0
5
9.5.0
5
6.0.0
4
8.1.0
4
10.0.0
3
10.1.0
3
5.3.1
3
9.1.0
3
2.0.0
2
3.0.1
2
5.0.0-beta1
2
5.0.0-beta2
2
5.0.0-beta3
2
5.0.0-beta4
2
5.0.0-beta5
2
5.3.0
2
6.7.3
2
7.2.0
2
8.4.0
2
8.4.3
2
8.5.0
2
1.1.0
1
1.3.0
1
10.2.0
1
10.3.0
1
10.4.0
1
11.0.0
1
2.0.0-beta1
1
2.0.0-beta3
1
2.0.1
1
2.1.2
1
2.5.0
1
3.0.0
1
3.0.0-beta1
1
3.0.0-beta2
1
3.0.0-beta3
1
3.0.0-beta4
1
3.0.0-beta5
1
3.0.0-beta6
1
3.0.0-beta7
1
3.1.1
1
4.0.0
1
5.0.1
1
5.1.3
1
5.2.4
1
5.4.0
1
6.3.6
1
6.4.3
1
6.7.0
1
6.7.1
1
7.0.1
1
7.0.5
1
7.3.0
1
7.3.4
1
7.4.1
1
8.0.0-beta1
1
8.0.0-beta2
1
8.0.0-beta3
1
8.0.1
1
8.2.0
1
8.3.0
1
8.3.0-beta1
1
8.3.0-beta2
1
8.3.1
1
go/github.com/grafana/grafanaOrganization admins can delete pending invites created in an organization they are not part of.
2.7
First published (updated )
go/github.com/grafana/grafanaGrafana SQL Expressions allow for remote code execution
10
EPSS
0.05%
First published (updated )
go/github.com/grafana/grafanaA user changing their email after signing up and verifying it can change it without verification in …
5.4
First published (updated )
Grafana GrafanaGrafana is an open-source platform for monitoring and observability. In Grafana Enterprise, Reques…
7.2
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Grafana GrafanaGrafana is an open-source platform for monitoring and observability. The vulnerability impacts insta…
7.2
First published (updated )
Grafana GrafanaGrafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email f…
9.8
First published (updated )
Grafana GrafanaGrafana is an open-source platform for monitoring and observability. The option to send a test ale…
6.4
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Grafana GrafanaStored XSS in Graphite FunctionDescription tooltip
6.2
First published (updated )
Grafana GrafanaWhen query caching is enabled in Grafana users can query another users session
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Grafana GrafanaGrafana stored XSS in FileUploader component
7.3
First published (updated )
redhat/grafanaGrafana vulnerable to spoofing originalUrl of snapshots
6.7
First published (updated )
Grafana GrafanaGrafana vulnerable to race condition allowing privilege escalation
9.8
First published (updated )
Grafana GrafanaGrafana subject to Exposure of Sensitive Information resulting in User enumeration via forget password
6.7
First published (updated )
Grafana GrafanaGrafana contains Improper Input Validation
8.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
redhat/grafanaGrafana users with email as a username can block other users from signing in
4.3
First published (updated )
Grafana GrafanaData source and plugin proxy endpoints could leak the authentication cookie to some destination plugins
7.5
First published (updated )
Grafana GrafanaGrafana plugin signature bypass vulnerability
7.8
First published (updated )
Grafana GrafanaGrafana data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
7.5
First published (updated )
Grafana GrafanaGrafana folders admin only permission privilege escalation
7.6
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
redhat/grafanaAuthentication Bypass in Grafana via auth proxy allowing escalation from admin to server admin
6.6
First published (updated )
redhat/grafanaGrafana account takeover via OAuth vulnerability
7.5
First published (updated )
Grafana GrafanaStored XSS in Grafana's Unified Alerting
8.7
First published (updated )
Grafana GrafanaGrafana 8.4.3 allows unauthenticated access via (for example) a /dashboard/snapshot/*?orgId=0 URI. N…
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Grafana GrafanaGrafana Enterprise datasource network restrictions bypass via HTTP redirects
8.5
First published (updated )
Grafana GrafanaThe querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require a…
9.8
First published (updated )
Grafana GrafanaFGAC API Key privilege escalation in Grafana
8.8
First published (updated )
Redhat Ceph StorageAn issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password c…
9.8
First published (updated )
Grafana GrafanaExposure of Sensitive Information in Grafana
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
redhat/grafanaCross site scripting in Grafana proxy
6.8
First published (updated )
redhat/grafanaOAuth Identity Token exposure in Grafana
4.3
First published (updated )
Grafana GrafanaGrafana directory traversal for `.cvs` files
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Grafana GrafanaCross organization admin control in Grafana
9.1
First published (updated )
Grafana GrafanaXSS vulnerability allowing arbitrary JavaScript execution
6.9
First published (updated )
redhat/grafanaGrafana Authentication Bypass Vulnerability
First published (updated )
Grafana GrafanaOne of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.…
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Grafana GrafanaThe team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7…
6.5
First published (updated )
Grafana GrafanaThe team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issu…
6.5
First published (updated )
Grafana GrafanaGrafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to…
7.1
First published (updated )
redhat/grafanaThe snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to…
7.5
First published (updated )
redhat/grafanaA signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypas…
10
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.