MAL-2025-14258 Malicious code in albatross-infinity-erv465-project (npm)

The package albatross-infinity-erv465-project was found to contain malicious code...

MAL-2025-38424 Malicious code in violet-infinity-qzv171-project (npm)

The package violet-infinity-qzv171-project was found to contain malicious code...

MAL-2025-24555 Malicious code in kite-infinity-lub379-project (npm)

The package kite-infinity-lub379-project was found to contain malicious code...

MAL-2025-18746 Malicious code in dragon-infinity-fnk008-project (npm)

The package dragon-infinity-fnk008-project was found to contain malicious code...

MAL-2025-22523 Malicious code in honey-infinity-ooh364-project (npm)

The package honey-infinity-ooh364-project was found to contain malicious code...

MAL-2025-23199 Malicious code in infinity-iceberg-pxa717-project (npm)

The package infinity-iceberg-pxa717-project was found to contain malicious code...

MAL-2025-23200 Malicious code in infinity-lightning-lij114-project (npm)

The package infinity-lightning-lij114-project was found to contain malicious code...

MAL-2025-23202 Malicious code in infinity-rainbow-lfq530-project (npm)

The package infinity-rainbow-lfq530-project was found to contain malicious code...

Malicious code in violet-infinity-qzv171-project (npm)

The package violet-infinity-qzv171-project was found to contain malicious code...

Malicious code in spruce-infinity-qym565-project (npm)

The package spruce-infinity-qym565-project was found to contain malicious code...

SUSE CVE-2025-8341

Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this...

GO-2025-3843 Grafana Infinity Datasource Plugin SSRF Vulnerability in github.com/grafana/grafana-infinity-datasource

Grafana Infinity Datasource Plugin SSRF Vulnerability in github.com/grafana/grafana-infinity-datasource...

The vulnerability of the visualization plugin for the Infinity Datasource platform used in Grafana monitoring and observation systems stems from server-side request manipulation. This allows attackers to gain unauthorized access to protected information.

The vulnerability of the Infinity Datasource plugin for the Grafana monitoring and observation platform relates to server-side request manipulation. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...

CVE-2025-8341

A flaw was found in github.com/grafana/grafana-infinity-datasource. The Infinity datasource plugin incorrectly handles configuration when restricted to certain data sources, allowing an attacker to potentially trigger an out-of-bounds read. This vulnerability allows a remote attacker to manipulat...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the URL validation process. An attacker can access internal or otherwise restricted resources by submitting a specially crafted URL that bypasses configured allowlists. Remediation Upgrade...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the URL validation process. An attacker can access internal or otherwise restricted resources by submitting a specially crafted URL that bypasses configured allowlists. Remediation Upgrade...

GHSA-3C93-92R7-J934 Grafana Infinity Datasource Plugin SSRF Vulnerability

Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this...

Grafana Infinity Datasource Plugin SSRF Vulnerability

Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this...

CVE-2025-8341

Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this...

CVE-2025-8341

Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this...