43 matches found
GHSA-5WRP-CWCJ-Q835 vulnerabilities
Vulnerabilities for packages: kuma, grafana-fips, teleport, aws-iam-authenticator-fips, crossplane-provider-azure-storagecache, crossplane-provider-azure-servicenetworking, coredns, knative-serving, syft, ingress-nginx-controller-fips, k8sgateway-fips, gcp-compute-persistent-disk-csi-driver,...
GHSA-RX8G-88G5-QH64 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards, grafana-image-renderer...
CVE-2025-57352 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards, grafana-image-renderer...
GHSA-RX8G-88G5-QH64 vulnerabilities
Vulnerabilities for packages: foxx-cli, opensearch-dashboards-fips, opensearch-dashboards, grafana-image-renderer...
CVE-2025-57352 vulnerabilities
Vulnerabilities for packages: foxx-cli, opensearch-dashboards-fips, opensearch-dashboards, grafana-image-renderer...
BIT-GRAFANA-IMAGE-RENDERER-2025-11539 Arbitrary Code Execution in Grafana Image Renderer Plugin
Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then load...
CVE-2025-11539
Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then load...
CVE-2025-11539
Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then load...
CVE-2025-11539
Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then load...
CVE-2025-11539 Arbitrary Code Execution in Grafana Image Renderer Plugin
Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then load...
EUVD-2025-33321
Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then load...
CVE-2025-11539
Grafana Image Renderer (grafana-image-renderer) is affected by an ARBITRARY FILE WRITE leading to remote code execution via /render/csv, where a lack of validation of filePath allows saving a shared object to an arbitrary location loaded by Chromium. Affected versions are 1.0.0 through 4.0.16. Ex...
CVE-2025-11539 Arbitrary Code Execution in Grafana Image Renderer Plugin
Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then load...
PT-2025-41359
Name of the Vulnerable Software and Affected Versions Grafana Image Renderer versions 1.0.0 through 4.0.16 Description Grafana Image Renderer is susceptible to remote code execution due to an arbitrary file write issue. The /render/csv API endpoint lacks proper validation of the filePath paramete...
grafana-image-renderer 安全漏洞
grafana-image-renderer is a Grafana open source backend plugin for Grafana. A security vulnerability exists in grafana-image-renderer versions 1.0.0 through 4.0.16, which stems from the /render/csv endpoint that does not validate the filePath parameter, which could lead to remote code execution...
EUVD-2022-52777
Malicious code in bioql PyPI...
CVE-2025-59343 vulnerabilities
Vulnerabilities for packages: langfuse, code-server, tileserver-gl, grafana-image-renderer, sqlpad...
GHSA-VJ76-C3G6-QR5V vulnerabilities
Vulnerabilities for packages: langfuse, code-server, tileserver-gl, grafana-image-renderer, sqlpad...
GHSA-XFFM-G5W8-QVG7 vulnerabilities
Vulnerabilities for packages: grafana-image-renderer...
GHSA-XFFM-G5W8-QVG7 vulnerabilities
Vulnerabilities for packages: grafana-image-renderer...