461 matches found
Malicious code in grafana-strava-datasource (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c38acd1154b6064c05313534795a57d0d6e586cc8ebd1a6a353b4ccaa3b27465 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5920 Malicious code in grafana-strava-datasource (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c38acd1154b6064c05313534795a57d0d6e586cc8ebd1a6a353b4ccaa3b27465 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in astradb-datasource (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 74096e53a09b27153d49c9d4e25426156f25ff82dd4c2f4abfd88ba3651f8a78 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in azure-prometheus-datasource (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 47fd9dad2205644dc2dc1629b5ba8933f2243510d26fca0bb35e2fb3f1e602a4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in grafana-csv-datasource (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e9ad716a5ea97debbbad7d3b10d1b4a28c71a2e2b1143a6733443cc211de350f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5777 Malicious code in grafana-csv-datasource (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e9ad716a5ea97debbbad7d3b10d1b4a28c71a2e2b1143a6733443cc211de350f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5763 Malicious code in astradb-datasource (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 74096e53a09b27153d49c9d4e25426156f25ff82dd4c2f4abfd88ba3651f8a78 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in grafana-json-datasource (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0df63e5033b70f866f957f8443b533f09684b459897700f9ed44542d23b8fe82 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in grafana-iot-sitewise-datasource (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 97ddf55083335c582abfc892f9b5d93c8b5ee5232f0fa07ae4da45dd8eadc84b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5696 Malicious code in grafana-iot-sitewise-datasource (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 97ddf55083335c582abfc892f9b5d93c8b5ee5232f0fa07ae4da45dd8eadc84b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5698 Malicious code in grafana-json-datasource (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0df63e5033b70f866f957f8443b533f09684b459897700f9ed44542d23b8fe82 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in grafana-github-datasource (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 756c8548e63d376422abc6c7f12d97177a86331d9e8f4321c863bf8eeb5bf67a Any computer that has this package installed or running should be considered...
MAL-2025-5532 Malicious code in grafana-github-datasource (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 756c8548e63d376422abc6c7f12d97177a86331d9e8f4321c863bf8eeb5bf67a Any computer that has this package installed or running should be considered...
MAL-2025-5345 Malicious code in github-datasource (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2771dacd93c395c86cb08e3778a5f1003eb477b0338d318b052586d73a90eaae Any computer that has this package installed or running should be considered...
PowSyBl 安全漏洞
PowSyBl is an open source framework from PowSyBl, Inc. dedicated to the modeling and simulation of power systems. A security vulnerability exists in PowSyBl versions prior to 6.7.2, which stems from a regular expression denial of service vulnerability in the DataSource mechanism that could lead t...
GHSA-RQPX-F6RC-7HM5 PowSyBl Core contains Polynomial REDoS’es
Impact What kind of vulnerability is it? Who is impacted? This is an advisory for a potential polynomial Regular Expression Denial of Service ReDoS vulnerability in the PowSyBl's DataSource mechanism. When the listNamesString regex method is called on a DataSource, the user-supplied regular...
Grafana Labs < 11.6.1+security-01 Authorization Bypass (CVE-2025-3260)
The version of Grafana Labs installed on the remote host is affected by a vulnerability as referenced in the CVE-2025-3260 advisory. Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could...
BIT-GRAFANA-2025-3454
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...
Grafana's datasource proxy API allows authorization checks to be bypassed
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...
GHSA-9J65-RV5X-4VRF Grafana's datasource proxy API allows authorization checks to be bypassed
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...