455 matches found
MAL-2025-5696 Malicious code in grafana-iot-sitewise-datasource (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 97ddf55083335c582abfc892f9b5d93c8b5ee5232f0fa07ae4da45dd8eadc84b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in grafana-iot-sitewise-datasource (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 97ddf55083335c582abfc892f9b5d93c8b5ee5232f0fa07ae4da45dd8eadc84b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5698 Malicious code in grafana-json-datasource (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0df63e5033b70f866f957f8443b533f09684b459897700f9ed44542d23b8fe82 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in grafana-json-datasource (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0df63e5033b70f866f957f8443b533f09684b459897700f9ed44542d23b8fe82 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5532 Malicious code in grafana-github-datasource (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 756c8548e63d376422abc6c7f12d97177a86331d9e8f4321c863bf8eeb5bf67a Any computer that has this package installed or running should be considered...
Malicious code in grafana-github-datasource (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 756c8548e63d376422abc6c7f12d97177a86331d9e8f4321c863bf8eeb5bf67a Any computer that has this package installed or running should be considered...
MAL-2025-5345 Malicious code in github-datasource (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2771dacd93c395c86cb08e3778a5f1003eb477b0338d318b052586d73a90eaae Any computer that has this package installed or running should be considered...
PowSyBl 安全漏洞
PowSyBl is an open source framework from PowSyBl, Inc. dedicated to the modeling and simulation of power systems. A security vulnerability exists in PowSyBl versions prior to 6.7.2, which stems from a regular expression denial of service vulnerability in the DataSource mechanism that could lead t...
GHSA-RQPX-F6RC-7HM5 PowSyBl Core contains Polynomial REDoS’es
Impact What kind of vulnerability is it? Who is impacted? This is an advisory for a potential polynomial Regular Expression Denial of Service ReDoS vulnerability in the PowSyBl's DataSource mechanism. When the listNamesString regex method is called on a DataSource, the user-supplied regular...
Grafana Labs < 11.6.1+security-01 Authorization Bypass (CVE-2025-3260)
The version of Grafana Labs installed on the remote host is affected by a vulnerability as referenced in the CVE-2025-3260 advisory. Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could...
BIT-GRAFANA-2025-3454
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...
Grafana's datasource proxy API allows authorization checks to be bypassed
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...
GHSA-9J65-RV5X-4VRF Grafana's datasource proxy API allows authorization checks to be bypassed
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...
UBUNTU-CVE-2025-3454
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...
CVE-2025-3454
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...
CVE-2025-3454
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...
CVE-2025-3454
Grafana’s CVE-2025-3454 affects the datasource proxy API, where an extra slash in the URL path bypasses authorization checks, potentially allowing read access to GET endpoints for Alertmanager and Prometheus datasources. The issue targets route-specific permission implementations and is noted in ...
Authorization Bypass in Datasource Proxy
This vulnerability in Grafana’s datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...
CVE-2023-5123
The JSON datasource plugin https://grafana.com/grafana/plugins/marcusolsson-json-datasource/ is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing JSON data from a remote endpoint including a specific sub-path configured by an administrator. Due to inadequate...
CVE-2025-45618
Incorrect access control in the component /admin/sys/datasource/ajaxList of jeeweb-mybatis-springboot v0.0.1.RELEASE allows attackers to access sensitive information via a crafted payload...