Security Advisories
Published | CVE | Severity (CVSS) | Product | Advisory Title | Updated |
---|---|---|---|---|---|
2025-09-19 | CVE-2025-10630 | Low (4.3) | Grafana Zabbix Plugin | Regex DoS in Zabbix Plugin | — |
2025-08-04 | CVE-2025-8341 | Medium (6.1) | Grafana Infinity Plugin | SSRF in Infinity Plugin in Grafana | — |
2025-07-18 | CVE-2025-6197 | Medium (4.2) | Grafana | Open Redirect in Organization Switching in Grafana | — |
2025-07-18 | CVE-2025-6023 | High (7.6) | Grafana | XSS in Scripted Dashboards in Grafana | — |
2025-07-17 | CVE-2025-3415 | Medium (4.3) | Grafana | Information Disclosure in DingDing Integration in Grafana | — |
2025-06-17 | CVE-2025-1088 | Low (2.7) | Grafana | DoS in Dashboard Titles in Grafana | — |
2025-06-02 | CVE-2025-3260 | High (8.3) | Grafana | Authorization Bypass in Dashboard API in Grafana | — |
2025-06-02 | CVE-2025-3454 | Medium (5.0) | Grafana | Authorization Bypass in Data Source Proxy in Grafana | — |
2025-05-22 | CVE-2025-3580 | Medium (5.5) | Grafana | Privilege Escalation in Admin Management in Grafana | — |
2025-05-21 | CVE-2025-4123 | High (7.6) | Grafana | XSS in Frontend Plugins in Grafana | — |
2025-04-23 | CVE-2025-2703 | Medium (6.8) | Grafana | XSS in XY Chart Plugin in Grafana | — |
2025-01-31 | CVE-2024-11741 | Medium (4.3) | Grafana | Information Disclosure in VictorOps Integration in Grafana | — |
2024-11-12 | CVE-2024-9476 | Medium (5.1) | Grafana | Privilege Escalation in Organizations in Grafana | — |
2024-10-28 | CVE-2024-10452 | Low (2.2) | Grafana | Authorization Bypass in Invitations in Grafana | — |
2024-10-17 | CVE-2024-9264 | Critical (9.4) | Grafana | Remote Code Execution in SQL Expressions in Grafana | — |
2024-09-26 | CVE-2024-8118 | Medium (5.1) | Grafana | Permission Error in Alerting API in Grafana | — |
2024-09-25 | CVE-2024-8996 | High (7.3) | Grafana Agent | Privilege Escalation in Service Path in Grafana Agent | — |
2024-09-25 | CVE-2024-8975 | High (7.3) | Grafana Alloy | Privilege Escalation in Service Path in Grafana Alloy | — |
2024-09-19 | CVE-2024-8986 | Critical (9.1) | Grafana Plugin SDK | Information Disclosure in Plugin SDK in Grafana | — |
2024-07-23 | CVE-2024-6322 | Medium (4.4) | Grafana | Authorization Bypass in Plugin Routes in Grafana | — |
2024-05-30 | CVE-2024-5526 | High (7.7) | Grafana OnCall | SSRF in Webhooks in Grafana OnCall | — |
2024-03-26 | CVE-2024-1313 | Medium (6.5) | Grafana | Authorization Bypass in Snapshots in Grafana | — |
2024-03-07 | CVE-2024-1442 | Medium (6.0) | Grafana | Privilege Escalation in Data Sources in Grafana | — |
2024-02-14 | CVE-2023-5123 | High (8.0) | Grafana JSON Plugin | Path Traversal in JSON Plugin in Grafana | 2024-06-18 |
2024-02-14 | CVE-2023-5122 | Medium (5.0) | Grafana CSV Plugin | SSRF in CSV Plugin in Grafana | — |
2024-02-13 | CVE-2023-6152 | Medium (5.4) | Grafana | Verification Bypass in Email Settings in Grafana | — |
2023-10-12 | CVE-2023-4399 | Medium (6.6) | Grafana | Network Restriction Bypass in Data Sources in Grafana | — |
2023-10-12 | CVE-2023-4822 | Medium (6.7) | Grafana | Privilege Escalation in Organizations in Grafana | — |
2023-09-19 | CVE-2023-4457 | Medium (5.5) | Grafana Google Sheets Plugin | Information Disclosure in Google Sheets Plugin in Grafana | — |
2023-06-22 | CVE-2023-3128 | Critical (9.4) | Grafana | Authentication Bypass in Azure AD OAuth in Grafana | — |
2023-06-08 | CVE-2023-3010 | High (7.3) | Grafana WorldMap Plugin | XSS in WorldMap Plugin in Grafana | — |
2023-06-06 | CVE-2023-2183 | High (7.5) | Grafana | Authorization Bypass in Alerting in Grafana | — |
2023-06-06 | CVE-2023-2801 | High (7.5) | Grafana | Race Condition in Data Source Proxy in Grafana | — |
2023-04-26 | CVE-2023-1387 | Medium (4.2) | Grafana | Token Leakage in URL Login in Grafana | — |
2023-03-22 | CVE-2023-1410 | Medium (6.2) | Grafana | XSS in Graphite Functions in Grafana | — |
2023-02-28 | CVE-2023-0507 | High (7.3) | Grafana | XSS in Geomap in Grafana | — |
2023-02-28 | CVE-2023-22462 | Medium (6.4) | Grafana | XSS in Text Panel in Grafana | — |
2023-02-28 | CVE-2023-0594 | High (7.3) | Grafana | XSS in TraceView in Grafana | — |
2023-02-01 | CVE-2022-23498 | High (7.1) | Grafana | Information Disclosure in Query Cache in Grafana | — |
2023-01-26 | CVE-2022-39324 | Medium (6.7) | Grafana | URL Spoofing in Snapshots in Grafana | — |
2023-01-26 | CVE-2022-23552 | High (7.3) | Grafana | XSS in ResourcePicker in Grafana | — |
2022-11-08 | CVE-2022-39307 | Medium (6.7) | Grafana | Information Disclosure in Password Reset in Grafana | — |
2022-11-08 | CVE-2022-39306 | Medium (6.4) | Grafana | Input Validation Bypass in User Registration in Grafana | — |
2022-11-08 | CVE-2022-39328 | Critical (9.8) | Grafana | Race Condition in Authentication in Grafana | — |
2022-10-12 | CVE-2022-39201 | Medium (6.8) | Grafana | Cookie Leakage in Proxy in Grafana | — |
2022-10-12 | CVE-2022-31123 | Medium (6.1) | Grafana | Signature Bypass in Plugin System in Grafana | — |
2022-10-12 | CVE-2022-31130 | Medium (4.9) | Grafana | Token Leakage in Proxy in Grafana | — |
2022-10-12 | CVE-2022-39229 | Medium (4.3) | Grafana | User Enumeration in Login in Grafana | — |
2022-09-20 | CVE-2022-35957 | Medium (6.6) | Grafana | Privilege Escalation in Auth Proxy in Grafana | — |
2022-09-20 | CVE-2022-36062 | High (7.1) | Grafana | Privilege Escalation in Folder Permissions in Grafana | — |
2022-08-30 | CVE-2022-31176 | High (7.6) | Grafana Image Renderer Plugin | File Disclosure in Image Renderer in Grafana | — |
2022-07-14 | CVE-2022-31107 | High (7.1) | Grafana | Account Takeover in OAuth in Grafana | — |
2022-07-14 | CVE-2022-31097 | High (7.3) | Grafana | XSS in Unified Alerting in Grafana | — |
2022-05-19 | CVE-2022-29170 | Medium (6.6) | Grafana | Network Restriction Bypass in Data Sources in Grafana | — |
2022-04-12 | CVE-2022-24812 | High (8.0) | Grafana | Privilege Escalation in API Keys in Grafana | — |
2022-02-08 | CVE-2022-21703 | Medium (6.3) | Grafana | CSRF in Web Interface in Grafana | — |
2022-02-08 | CVE-2022-21713 | Medium (4.3) | Grafana | IDOR in Teams API in Grafana | — |
2022-02-08 | CVE-2022-21702 | Medium (6.5) | Grafana | XSS in Proxy in Grafana | — |
2022-01-18 | CVE-2022-21673 | Medium (4.3) | Grafana | Token Leakage in OAuth in Grafana | — |