MAL-2025-5919 Malicious code in grafana-amazonprometheus-datasource (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d7359e2541c67fe090610ee101544e2e2da0fc6232b1fff166f71c0bd3c1f0e6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in azure-prometheus-datasource (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 47fd9dad2205644dc2dc1629b5ba8933f2243510d26fca0bb35e2fb3f1e602a4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2025-3454

Grafana’s CVE-2025-3454 affects the datasource proxy API, where an extra slash in the URL path bypasses authorization checks, potentially allowing read access to GET endpoints for Alertmanager and Prometheus datasources. The issue targets route-specific permission implementations and is noted in ...

SUSE CVE-2025-3454

This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...

GHSA-XC3P-28HW-Q24G Grafana proxy Cross-site Scripting

Today we are releasing Grafana 8.3.5 and 7.5.15. This patch release includes MEDIUM severity security fix for XSS for Grafana. Release v.8.3.5, only containing security fixes: - Download Grafana 8.3.5 - Release notes Release v.7.5.15, only containing security fixes: - Download Grafana 7.5.15 -...