448 matches found
Grafana 11.5.x < 11.5.3 Improper Authorization
According to its self-reported version, the Grafana install hosted on the remote host is prior to 10.4.17, or 11.2.x prior to 11.2.8, or 11.3.x prior to 11.3.5, or 11.4.x prior to 11.4.3, or 11.5.x prior to 11.5.3. It is, therefore, affected by an improper authorization vulnerability. - Grafana's datasource...
Grafana 11.2.x < 11.2.8 Improper Authorization
According to its self-reported version, the Grafana install hosted on the remote host is prior to 10.4.17, or 11.2.x prior to 11.2.8, or 11.3.x prior to 11.3.5, or 11.4.x prior to 11.4.3, or 11.5.x prior to 11.5.3. It is, therefore, affected by an improper authorization vulnerability. - Grafana's datasource...
Grafana 11.3.x < 11.3.5 Improper Authorization
According to its self-reported version, the Grafana install hosted on the remote host is prior to 10.4.17, or 11.2.x prior to 11.2.8, or 11.3.x prior to 11.3.5, or 11.4.x prior to 11.4.3, or 11.5.x prior to 11.5.3. It is, therefore, affected by an improper authorization vulnerability. - Grafana's datasource...
Grafana < 10.4.17 Improper Authorization
According to its self-reported version, the Grafana install hosted on the remote host is prior to 10.4.17, or 11.2.x prior to 11.2.8, or 11.3.x prior to 11.3.5, or 11.4.x prior to 11.4.3, or 11.5.x prior to 11.5.3. It is, therefore, affected by an improper authorization vulnerability. - Grafana's datasource...
EUVD-2022-2562
Malicious code in bioql PyPI...
EUVD-2025-16644
Malicious code in bioql PyPI...
EUVD-2024-54485
Malicious code in bioql PyPI...
EUVD-2025-24821
Malicious code in bioql PyPI...
EUVD-2022-28551
Malicious code in bioql PyPI...
EUVD-2022-4628
Malicious code in bioql PyPI...
EUVD-2022-3028
Malicious code in bioql PyPI...
EUVD-2022-4044
Malicious code in bioql PyPI...
EUVD-2022-4802
Malicious code in bioql PyPI...
RLSA-2025:8915 Moderate: grafana-pcp security update
The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in...
Security update for cloud-init
This update for cloud-init fixes the following issues: Update to version 25.1.3 (bsc#1245401, bsc#1245403): docs: provide example3 for PAM and ssh_pwauth behavior (#27); fix: Make hotplug socket writable only by root (#25) (CVE-2024-11584); fix: Don't attempt to identify non-x86 OpenStack instances (LP: #2069607)...
CVE-2025-58046 Dataease has a JDBC attack vulnerability in the Impala datasource
Dataease is an open-source data visualization and analysis platform. In versions up to and including 2.10.12, the Impala data source is vulnerable to remote code execution due to insufficient filtering in the getJdbc method of the io.dataease.datasource.type.Impala class. Attackers can construct...
Improper Access Control
apache-superset is vulnerable to Improper Access Control. The vulnerability is due to a missing authorization check in the /explore endpoint, which allows an attacker to enumerate datasource_id values and disclose sensitive metadata about protected datasources...
Linux Distros Unpatched Vulnerability : CVE-2022-23498
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including...
Linux Distros Unpatched Vulnerability : CVE-2020-24303
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource. (CVE-2020-24303) Note that Nessus relies on the presence of the package...
Improper Input Validation
github.com/grafana/grafana-infinity-datasource is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of allowed URL restrictions, which allows an attacker to bypass configured URL checks using a specially crafted URL...