EUVD-2026-2032

Improper Validation of Array Index CWE-129 exists in Metricbeat can allow an attacker to cause a Denial of Service through Input Data Manipulation CAPEC-153 via specially crafted, malformed payloads sent to the Graphite server metricset or Zookeeper server metricset. Additionally, Improper Input...

CVE-2026-0528

CVE-2026-0528 affects Elastic Beats (Metricbeat) and related metricsets. The root cause is improper validation of array index (CWE-129) in the Graphite and Zookeeper metricsets and improper input validation (CWE-20) in the Prometheus helper module, leading to Denial of Service via specially craft...

CVE-2026-0528 Improper Input Validation in Metricbeat Leading to Denial of Service

Improper Validation of Array Index CWE-129 exists in Metricbeat can allow an attacker to cause a Denial of Service through Input Data Manipulation CAPEC-153 via specially crafted, malformed payloads sent to the Graphite server metricset or Zookeeper server metricset. Additionally, Improper Input...

CVE-2026-0528 Improper Input Validation in Metricbeat Leading to Denial of Service

Improper Validation of Array Index CWE-129 exists in Metricbeat can allow an attacker to cause a Denial of Service through Input Data Manipulation CAPEC-153 via specially crafted, malformed payloads sent to the Graphite server metricset or Zookeeper server metricset. Additionally, Improper Input...

Metricbeat 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-01)

Improper Input Validation in Metricbeat Leading to Denial of Service ESA-2026-01 Improper Validation of Array Index CWE-129 exists in Metricbeat can allow an attacker to cause a Denial of Service via Input Data Manipulation CAPEC-153 using specially crafted, malformed payloads sent to the Graphit...

PT-2026-2632

Name of the Vulnerable Software and Affected Versions Metricbeat affected versions not specified Description The software contains flaws related to improper validation of array indices and improper input validation. These issues can be exploited through specially crafted, malformed payloads sent ...

CVE-2021-22178

An issue has been discovered in GitLab affecting all versions starting from 13.2. Gitlab was vulnerable to SRRF attack through the Prometheus integration...

CVE-2021-22166

An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method...

GHSA-3M87-5598-2V4F vulnerabilities

Vulnerabilities for packages: prometheus, grafana...

CVE-2019-3826 vulnerabilities

Vulnerabilities for packages: prometheus, grafana...

CVE-2025-47908 vulnerabilities

Vulnerabilities for packages: prometheus-alertmanager, timestamp-authority, rekor, fulcio, ipfs, datadog-agent, cortex, grafana-mimir...

Kasten Prometheus Export via remote_write

Purpose Kasten now supports exporting metrics from the embedded Prometheus to external backends using Prometheus's remotewrite capability. This feature supports the collection, aggregation, and visualization of cluster and multi-cluster metrics in monitoring tools like Grafana Cloud and Datadog...

Malicious code in prometheus_gcstat (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-192912 Malicious code in prometheus_client_ruby (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in prometheus_client_ruby (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

CVE-2025-65637 affecting package prometheus for versions less than 2.37.9-6

CVE-2025-65637 affecting package prometheus for versions less than 2.37.9-6. A patched version of the package is available...

openSUSE Security Advisory (SUSE-SU-2025:4481-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 / openSUSE 15 Security Update : golang-github-prometheus-alertmanager (SUSE-SU-2025:4481-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:4481-1 advisory. - Update to version 0.28.1 jscPED-13285: Improved performance of inhibition rules when using Equal labels. Improve the documentation on...

SUSE-SU-2025:4481-1 Security update for golang-github-prometheus-alertmanager

This update for golang-github-prometheus-alertmanager fixes the following issues: - Update to version 0.28.1 jscPED-13285: Improved performance of inhibition rules when using Equal labels. Improve the documentation on escaping in UTF-8 matchers. Update alertmanagerconfighash metric help to docume...

CVE-2025-61727 vulnerabilities

Vulnerabilities for packages: opencost, terraform, mesosphere-vsphere-csi, nri-jmx, metrics-server, nri-rabbitmq, kserve-rest-proxy, mountpoint-s3-csi-driver, osv-scanner, spire-controller-manager, sftpgo-plugin-kms, protoc-gen-go, harbor-scanner-trivy, kubernetes-csi-external-resizer,...