Grafana — Vulnerabilities & Security Advisories 85

Browse all 85 CVE security advisories affecting Grafana. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2022-39307 | Grafana subject to Exposure of Sensitive Information resulting in User enumeration via forget password | grafana | CWE-200 | 6.7 | Medium | 2022-11-09 |
| CVE-2022-39306 | Grafana contains Improper Input Validation | grafana | CWE-20 | 6.4 | Medium | 2022-11-09 |
| CVE-2022-39328 | Grafana vulnerable to race condition allowing privilege escalation | grafana | CWE-362 | 9.8 | Critical | 2022-11-08 |
| CVE-2022-39229 | Grafana users with email as a username can block other users from signing in | grafana | CWE-287 | 4.3 | Medium | 2022-10-13 |
| CVE-2022-31123 | Grafana plugin signature bypass vulnerability | grafana | CWE-347 | 6.1 | Medium | 2022-10-13 |
| CVE-2022-31130 | Grafana data source and plugin proxy endpoints leaking authentication tokens to some destination plugins | grafana | CWE-200 | 4.9 | Medium | 2022-10-13 |
| CVE-2022-39201 | Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins | grafana | CWE-200 | 6.8 | Medium | 2022-10-13 |
| CVE-2022-36062 | Grafana folders admin only permission privilege escalation | grafana | CWE-281 | 7.6 | High | 2022-09-22 |
| CVE-2022-35957 | Authentication Bypass in Grafana via auth proxy allowing escalation from admin to server admin | grafana | CWE-290 | 6.6 | Medium | 2022-09-20 |
| CVE-2022-31176 | Grafana Image Renderer leaking files | grafana-image-renderer | CWE-200 | 8.3 | High | 2022-09-02 |
| CVE-2022-31107 | Grafana account takeover via OAuth vulnerability | grafana | CWE-863 | 7.1 | High | 2022-07-15 |
| CVE-2022-31097 | Stored XSS in Grafana's Unified Alerting | grafana | CWE-79 | 7.3 | High | 2022-07-15 |
| CVE-2022-29170 | Grafana Enterprise datasource network restrictions bypass via HTTP redirects | grafana | CWE-601 | 6.6 | Medium | 2022-05-20 |
| CVE-2022-24812 | FGAC API Key privilege escalation in Grafana | grafana | CWE-269 | 8.0 | High | 2022-04-12 |
| CVE-2022-21713 | Exposure of Sensitive Information in Grafana | grafana | CWE-863 | 4.3 | Medium | 2022-02-08 |
| CVE-2022-21703 | Cross Site Request Forgery in Grafana | grafana | CWE-352 | 6.3 | Medium | 2022-02-08 |
| CVE-2022-21702 | Cross site scripting in Grafana proxy | grafana | CWE-79 | 6.5 | Medium | 2022-02-08 |
| CVE-2022-21673 | OAuth Identity Token exposure in Grafana | grafana | CWE-200 | 4.3 | Medium | 2022-01-18 |
| CVE-2021-43815 | Grafana directory traversal for `.cvs` files | grafana | CWE-22 | 4.3 | Medium | 2021-12-10 |
| CVE-2021-43813 | Directory Traversal in Grafana | grafana | CWE-22 | 4.3 | Medium | 2021-12-10 |
| CVE-2021-41090 | Instance config inline secret exposure | agent | CWE-200 | 6.5 | Medium | 2021-12-08 |
| CVE-2021-43798 | Grafana path traversal | grafana | CWE-22 | 7.5 | High | 2021-12-07 |
| CVE-2021-41244 | Cross organization admin control in Grafana | grafana | CWE-610 | 9.1 | Critical | 2021-11-15 |
| CVE-2021-41174 | XSS vulnerability allowing arbitrary JavaScript execution | grafana | CWE-79 | 6.9 | Medium | 2021-11-03 |
| CVE-2021-39226 | Snapshot authentication bypass in grafana | grafana | CWE-287 | 9.8 | Critical | 2021-10-05 |

This page lists every published CVE security advisory associated with Grafana. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.