Browse all 7 CVE security advisories affecting prometheus. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-42154 | Prometheus: remote read endpoint allows denial of service via crafted snappy payload | prometheus | CWE-400 | 7.5 | High | 2026-05-04 |
| CVE-2026-42151 | Prometheus Azure AD remote write OAuth client secret exposed via config API | prometheus | CWE-200 | 7.5 | High | 2026-05-04 |
| CVE-2026-40179 | Prometheus: Stored XSS via metric names and label values in web UI tooltips and metrics explorer | prometheus | CWE-79 | 6.1 | - | 2026-04-15 |
| CVE-2023-40577 | Alertmanager UI is vulnerable to stored XSS via the /api/v1/alerts endpoint | alertmanager | CWE-79 | 7.5 | High | 2023-08-25 |
| CVE-2022-46146 | Prometheus Exporter Toolkit vulnerable to basic authentication bypass | exporter-toolkit | CWE-303 | 6.2 | Medium | 2022-11-29 |
| CVE-2022-21698 | Uncontrolled Resource Consumption in promhttp | client_golang | CWE-400 | 7.5 | High | 2022-02-15 |
| CVE-2021-29622 | Arbitrary redirects under /new endpoint | prometheus | CWE-601 | 6.5 | Medium | 2021-05-19 |
This page lists every published CVE security advisory associated with prometheus. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.