Filters
Software
go/github.com/grafana/grafanaOrganization admins can delete pending invites created in an organization they are not part of.
2.7
First published (updated )
go/github.com/grafana/grafanaGrafana SQL Expressions allow for remote code execution
10
EPSS
0.05%
First published (updated )
Grafana AgentGrafana Agent Flow on Windows Unquoted service path
7.8
EPSS
0.04%
First published (updated )
Grafana AlloyGrafana Alloy on Windows Unquoted service path
7.8
EPSS
0.04%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
go/github.com/grafana/grafanaA user changing their email after signing up and verifying it can change it without verification in …
5.4
First published (updated )
Grafana GrafanaGrafana is an open-source platform for monitoring and observability. In Grafana Enterprise, Reques…
7.2
First published (updated )
Grafana Google SheetsGrafana is an open-source platform for monitoring and observability. The Google Sheets data source …
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Grafana GrafanaGrafana is an open-source platform for monitoring and observability. The vulnerability impacts insta…
7.2
First published (updated )
Grafana GrafanaGrafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email f…
9.8
First published (updated )
Grafana GrafanaGrafana is an open-source platform for monitoring and observability. The option to send a test ale…
6.4
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Grafana GrafanaStored XSS in Graphite FunctionDescription tooltip
6.2
First published (updated )
Grafana GrafanaWhen query caching is enabled in Grafana users can query another users session
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Grafana GrafanaGrafana stored XSS in FileUploader component
7.3
First published (updated )
Grafana Enterprise MetricsAccess policy with access to all tenants and using label selectors has more access
8.8
First published (updated )
Grafana Synthetic Monitoring AgentGrafana's default installation of `synthetic-monitoring-agent` exposes sensitive information
7.2
First published (updated )
redhat/grafanaGrafana vulnerable to spoofing originalUrl of snapshots
6.7
First published (updated )
Grafana GrafanaGrafana vulnerable to race condition allowing privilege escalation
9.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Grafana GrafanaGrafana subject to Exposure of Sensitive Information resulting in User enumeration via forget password
6.7
First published (updated )
Grafana GrafanaGrafana contains Improper Input Validation
8.1
First published (updated )
redhat/grafanaGrafana users with email as a username can block other users from signing in
4.3
First published (updated )
Grafana GrafanaData source and plugin proxy endpoints could leak the authentication cookie to some destination plugins
7.5
First published (updated )
Grafana GrafanaGrafana plugin signature bypass vulnerability
7.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Grafana GrafanaGrafana data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
7.5
First published (updated )
Grafana GrafanaGrafana folders admin only permission privilege escalation
7.6
First published (updated )
redhat/grafanaAuthentication Bypass in Grafana via auth proxy allowing escalation from admin to server admin
6.6
First published (updated )
Grafana Grafana-image-rendererGrafana Image Renderer leaking files
8.3
First published (updated )
redhat/grafanaGrafana account takeover via OAuth vulnerability
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Grafana GrafanaStored XSS in Grafana's Unified Alerting
8.7
First published (updated )
Grafana GrafanaGrafana 8.4.3 allows unauthenticated access via (for example) a /dashboard/snapshot/*?orgId=0 URI. N…
7.5
First published (updated )
Grafana GrafanaGrafana Enterprise datasource network restrictions bypass via HTTP redirects
8.5
First published (updated )
Grafana GrafanaThe querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require a…
9.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Grafana GrafanaFGAC API Key privilege escalation in Grafana
8.8
First published (updated )
Redhat Ceph StorageAn issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password c…
9.8
First published (updated )
Grafana GrafanaExposure of Sensitive Information in Grafana
4.3
First published (updated )
redhat/grafanaCross site scripting in Grafana proxy
6.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
redhat/grafanaOAuth Identity Token exposure in Grafana
4.3
First published (updated )
Grafana GrafanaGrafana directory traversal for `.cvs` files
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.