Security Advisories

PublishedCVESeverity (CVSS)ProductAdvisory TitleUpdated
2025-09-19CVE-2025-10630 Low (4.3)Grafana Zabbix PluginRegex DoS in Zabbix Plugin
2025-08-04CVE-2025-8341 Medium (6.1)Grafana Infinity PluginSSRF in Infinity Plugin in Grafana
2025-07-18CVE-2025-6197 Medium (4.2)GrafanaOpen Redirect in Organization Switching in Grafana
2025-07-18CVE-2025-6023 High (7.6)GrafanaXSS in Scripted Dashboards in Grafana
2025-07-17CVE-2025-3415 Medium (4.3)GrafanaInformation Disclosure in DingDing Integration in Grafana
2025-06-17CVE-2025-1088 Low (2.7)GrafanaDoS in Dashboard Titles in Grafana
2025-06-02CVE-2025-3260 High (8.3)GrafanaAuthorization Bypass in Dashboard API in Grafana
2025-06-02CVE-2025-3454 Medium (5.0)GrafanaAuthorization Bypass in Data Source Proxy in Grafana
2025-05-22CVE-2025-3580 Medium (5.5)GrafanaPrivilege Escalation in Admin Management in Grafana
2025-05-21CVE-2025-4123 High (7.6)GrafanaXSS in Frontend Plugins in Grafana
2025-04-23CVE-2025-2703 Medium (6.8)GrafanaXSS in XY Chart Plugin in Grafana
2025-01-31CVE-2024-11741 Medium (4.3)GrafanaInformation Disclosure in VictorOps Integration in Grafana
2024-11-12CVE-2024-9476 Medium (5.1)GrafanaPrivilege Escalation in Organizations in Grafana
2024-10-28CVE-2024-10452 Low (2.2)GrafanaAuthorization Bypass in Invitations in Grafana
2024-10-17CVE-2024-9264 Critical (9.4)GrafanaRemote Code Execution in SQL Expressions in Grafana
2024-09-26CVE-2024-8118 Medium (5.1)GrafanaPermission Error in Alerting API in Grafana
2024-09-25CVE-2024-8996 High (7.3)Grafana AgentPrivilege Escalation in Service Path in Grafana Agent
2024-09-25CVE-2024-8975 High (7.3)Grafana AlloyPrivilege Escalation in Service Path in Grafana Alloy
2024-09-19CVE-2024-8986 Critical (9.1)Grafana Plugin SDKInformation Disclosure in Plugin SDK in Grafana
2024-07-23CVE-2024-6322 Medium (4.4)GrafanaAuthorization Bypass in Plugin Routes in Grafana
2024-05-30CVE-2024-5526 High (7.7)Grafana OnCallSSRF in Webhooks in Grafana OnCall
2024-03-26CVE-2024-1313 Medium (6.5)GrafanaAuthorization Bypass in Snapshots in Grafana
2024-03-07CVE-2024-1442 Medium (6.0)GrafanaPrivilege Escalation in Data Sources in Grafana
2024-02-14CVE-2023-5123 High (8.0)Grafana JSON PluginPath Traversal in JSON Plugin in Grafana2024-06-18
2024-02-14CVE-2023-5122 Medium (5.0)Grafana CSV PluginSSRF in CSV Plugin in Grafana
2024-02-13CVE-2023-6152 Medium (5.4)GrafanaVerification Bypass in Email Settings in Grafana
2023-10-12CVE-2023-4399 Medium (6.6)GrafanaNetwork Restriction Bypass in Data Sources in Grafana
2023-10-12CVE-2023-4822 Medium (6.7)GrafanaPrivilege Escalation in Organizations in Grafana
2023-09-19CVE-2023-4457 Medium (5.5)Grafana Google Sheets PluginInformation Disclosure in Google Sheets Plugin in Grafana
2023-06-22CVE-2023-3128 Critical (9.4)GrafanaAuthentication Bypass in Azure AD OAuth in Grafana
2023-06-08CVE-2023-3010 High (7.3)Grafana WorldMap PluginXSS in WorldMap Plugin in Grafana
2023-06-06CVE-2023-2183 High (7.5)GrafanaAuthorization Bypass in Alerting in Grafana
2023-06-06CVE-2023-2801 High (7.5)GrafanaRace Condition in Data Source Proxy in Grafana
2023-04-26CVE-2023-1387 Medium (4.2)GrafanaToken Leakage in URL Login in Grafana
2023-03-22CVE-2023-1410 Medium (6.2)GrafanaXSS in Graphite Functions in Grafana
2023-02-28CVE-2023-0507 High (7.3)GrafanaXSS in Geomap in Grafana
2023-02-28CVE-2023-22462 Medium (6.4)GrafanaXSS in Text Panel in Grafana
2023-02-28CVE-2023-0594 High (7.3)GrafanaXSS in TraceView in Grafana
2023-02-01CVE-2022-23498 High (7.1)GrafanaInformation Disclosure in Query Cache in Grafana
2023-01-26CVE-2022-39324 Medium (6.7)GrafanaURL Spoofing in Snapshots in Grafana
2023-01-26CVE-2022-23552 High (7.3)GrafanaXSS in ResourcePicker in Grafana
2022-11-08CVE-2022-39307 Medium (6.7)GrafanaInformation Disclosure in Password Reset in Grafana
2022-11-08CVE-2022-39306 Medium (6.4)GrafanaInput Validation Bypass in User Registration in Grafana
2022-11-08CVE-2022-39328 Critical (9.8)GrafanaRace Condition in Authentication in Grafana
2022-10-12CVE-2022-39201 Medium (6.8)GrafanaCookie Leakage in Proxy in Grafana
2022-10-12CVE-2022-31123 Medium (6.1)GrafanaSignature Bypass in Plugin System in Grafana
2022-10-12CVE-2022-31130 Medium (4.9)GrafanaToken Leakage in Proxy in Grafana
2022-10-12CVE-2022-39229 Medium (4.3)GrafanaUser Enumeration in Login in Grafana
2022-09-20CVE-2022-35957 Medium (6.6)GrafanaPrivilege Escalation in Auth Proxy in Grafana
2022-09-20CVE-2022-36062 High (7.1)GrafanaPrivilege Escalation in Folder Permissions in Grafana
2022-08-30CVE-2022-31176 High (7.6)Grafana Image Renderer PluginFile Disclosure in Image Renderer in Grafana
2022-07-14CVE-2022-31107 High (7.1)GrafanaAccount Takeover in OAuth in Grafana
2022-07-14CVE-2022-31097 High (7.3)GrafanaXSS in Unified Alerting in Grafana
2022-05-19CVE-2022-29170 Medium (6.6)GrafanaNetwork Restriction Bypass in Data Sources in Grafana
2022-04-12CVE-2022-24812 High (8.0)GrafanaPrivilege Escalation in API Keys in Grafana
2022-02-08CVE-2022-21703 Medium (6.3)GrafanaCSRF in Web Interface in Grafana
2022-02-08CVE-2022-21713 Medium (4.3)GrafanaIDOR in Teams API in Grafana
2022-02-08CVE-2022-21702 Medium (6.5)GrafanaXSS in Proxy in Grafana
2022-01-18CVE-2022-21673 Medium (4.3)GrafanaToken Leakage in OAuth in Grafana