CVE-2025-8341 SSRF in Infinity Datasource Plugin

Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this...

SSRF in Infinity Datasource Plugin

Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this...

PT-2025-31801 · Grafana · Infinity Datasource Plugin +1

Name of the Vulnerable Software and Affected Versions: Grafana versions prior to 3.4.1 Description: Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML...

cloud-init security update

23.4-7.0.2.el810.10 - Fixes regression in cloud-init with module ccwritefilesdeferred Orabug: 37382965 - Update IPv6 IMDS endpoint to ULA and drop NIC identifier Orabug: 35965980 - Enable IPv6 Orabug: 36502414 - Added missing services in rhel/systemd/cloud-init.service Orabug: 32183938 - Increase...

Malicious code in grafana-strava-datasource (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c38acd1154b6064c05313534795a57d0d6e586cc8ebd1a6a353b4ccaa3b27465 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5919 Malicious code in grafana-amazonprometheus-datasource (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d7359e2541c67fe090610ee101544e2e2da0fc6232b1fff166f71c0bd3c1f0e6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in grafana-amazonprometheus-datasource (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d7359e2541c67fe090610ee101544e2e2da0fc6232b1fff166f71c0bd3c1f0e6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5920 Malicious code in grafana-strava-datasource (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c38acd1154b6064c05313534795a57d0d6e586cc8ebd1a6a353b4ccaa3b27465 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in astradb-datasource (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 74096e53a09b27153d49c9d4e25426156f25ff82dd4c2f4abfd88ba3651f8a78 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5763 Malicious code in astradb-datasource (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 74096e53a09b27153d49c9d4e25426156f25ff82dd4c2f4abfd88ba3651f8a78 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in grafana-csv-datasource (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e9ad716a5ea97debbbad7d3b10d1b4a28c71a2e2b1143a6733443cc211de350f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in azure-prometheus-datasource (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 47fd9dad2205644dc2dc1629b5ba8933f2243510d26fca0bb35e2fb3f1e602a4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5777 Malicious code in grafana-csv-datasource (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e9ad716a5ea97debbbad7d3b10d1b4a28c71a2e2b1143a6733443cc211de350f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5696 Malicious code in grafana-iot-sitewise-datasource (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 97ddf55083335c582abfc892f9b5d93c8b5ee5232f0fa07ae4da45dd8eadc84b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in grafana-iot-sitewise-datasource (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 97ddf55083335c582abfc892f9b5d93c8b5ee5232f0fa07ae4da45dd8eadc84b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5698 Malicious code in grafana-json-datasource (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0df63e5033b70f866f957f8443b533f09684b459897700f9ed44542d23b8fe82 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in grafana-json-datasource (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0df63e5033b70f866f957f8443b533f09684b459897700f9ed44542d23b8fe82 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5532 Malicious code in grafana-github-datasource (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 756c8548e63d376422abc6c7f12d97177a86331d9e8f4321c863bf8eeb5bf67a Any computer that has this package installed or running should be considered...

Malicious code in grafana-github-datasource (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 756c8548e63d376422abc6c7f12d97177a86331d9e8f4321c863bf8eeb5bf67a Any computer that has this package installed or running should be considered...

MAL-2025-5345 Malicious code in github-datasource (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2771dacd93c395c86cb08e3778a5f1003eb477b0338d318b052586d73a90eaae Any computer that has this package installed or running should be considered...