Lucene search
K

14 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-1406

Malicious code in bioql PyPI...

6.7CVSS7AI score0.00828EPSS
Exploits0References8
OSV
OSV
added 2025/07/29 6:49 p.m.2 views

GO-2025-3814 Grafana's insecure DingDing Alert integration exposes sensitive information in github.com/grafana/grafana

Grafana's insecure DingDing Alert integration exposes sensitive information in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

4.3CVSS5.6AI score0.0089EPSS
Exploits0References11
Veracode
Veracode
added 2025/07/22 8:54 a.m.8 views

Open Redirect

github.com/grafana/grafana is vulnerable to open redirect. The vulnerability is due to improper validation of redirect URLs, which allows an attacker to chain it with path traversal issues to perform cross-site scripting XSS attacks...

7.6CVSS6AI score0.37565EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2025/07/17 12:30 p.m.16 views

Grafana's insecure DingDing Alert integration exposes sensitive information

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01,...

4.3CVSS6AI score0.0089EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2025/06/18 12:30 p.m.71 views

Grafana long dashboard title or panel name causes unresponsives

In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana. This issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher...

2.7CVSS3.7AI score0.00394EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/06/18 9:54 a.m.3 views

CVE-2025-1088 Very long unicode dashboard title or panel name can hang the frontend

In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana. This issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher...

2.7CVSS3.7AI score0.00394EPSS
Exploits0References1
OSV
OSV
added 2025/06/02 12:30 p.m.6 views

GHSA-9J65-RV5X-4VRF Grafana's datasource proxy API allows authorization checks to be bypassed

This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...

5CVSS7AI score0.12241EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 12:52 a.m.7 views

CVE-2022-32276

Grafana 8.4.3 allows unauthenticated access via for example a /dashboard/snapshot/?orgId=0 URI. NOTE: the vendor considers this a UI bug, not a vulnerability...

7.5CVSS7AI score0.03487EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/10/16 12:0 a.m.3 views

PT-2023-8896 · Grafana +2 · Grafana +2

Name of the Vulnerable Software and Affected Versions: Grafana affected versions not specified Description: The issue impacts Grafana instances with multiple organizations, allowing a user with Organization Admin permissions in one organization to change permissions associated with Organization...

8.3CVSS6.5AI score0.01082EPSS
Exploits0References26
Vulnrichment
Vulnrichment
added 2023/06/06 6:3 p.m.9 views

CVE-2023-2801

Grafana is an open-source platform for monitoring and observability. Using public dashboards users can query multiple distinct data sources using mixed queries. However such query has a possibility of crashing a Grafana instance. The only feature that uses mixed queries at the moment is public...

7.5CVSS6.2AI score0.00745EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/03/01 3:35 p.m.9 views

CVE-2023-0507

Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible due to map attributions weren't properly sanitized and allowed arbitrary JavaScript...

7.3CVSS6.5AI score0.1546EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2020/06/02 5:15 p.m.29 views

CVE-2018-18624

Grafana 5.3.1 has XSS via a column style on the "Dashboard Table Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099...

6.1CVSS6.9AI score0.014EPSS
Exploits1References2
OSV
OSV
added 2018/08/28 9:5 a.m.9 views

SUSE-SU-2018:2536-1 Security update for grafana, kafka, logstash and monasca-installer

This update for grafana, kafka, logstash and monasca-installer fixes the following issues: The following security issues have been fixed: grafana: - CVE-2018-12099: Fix Cross-Site-Scripting XSS vulnerabilities in dashboard links. bsc1096985 kafka: - CVE-2018-1288: Authenticated Kafka users may...

6.5CVSS6.6AI score0.04801EPSS
Exploits1References12
OSV
OSV
added 2018/08/14 6:3 a.m.10 views

SUSE-SU-2018:2317-1 Security update for grafana, kafka, logstash, openstack-monasca-installer

This update for grafana, kafka, logstash, openstack-monasca-installer fixes the following issues: Security issues fixed: - CVE-2018-12099: grafana: Fix XSS vulnerabilities in dashboard links bsc1096985. - CVE-2018-3817: logstash: Fix inadvertently logging of sensitive information bsc1090849. Bug...

6.5CVSS6.5AI score0.02073EPSS
Exploits1References10
Rows per page
Query Builder