| CVE-2021-43798 |
high |
— |
10.0 |
|
|
|
2y ago |
Grafana contains a path traversal vulnerability that could allow access to local files. |
| CVE-2021-39226 |
high |
— |
9.5 |
|
|
|
5y ago |
Grafana contains an authentication bypass vulnerability that allows authenticated and unauthenticated users to view and delete all snapshot data, potentially resulting in complete snapshot data loss. |
| CVE-2020-13379 |
high |
— |
9.0 |
|
|
|
4y ago |
RHSA-2020:2641: grafana security update (Important) |
| CVE-2021-43815 |
high |
— |
8.0 |
|
|
|
2y ago |
Grafana directory traversal for .cvs files |
| CVE-2024-1313 |
high |
— |
8.0 |
|
|
|
2y ago |
RHSA-2024:3265: grafana security update (Important) |
| CVE-2022-31107 |
high |
— |
8.0 |
|
|
|
4y ago |
RHSA-2022:5717: grafana security update (Important) |
| CVE-2026-27877 |
high |
7.5 |
7.5 |
|
|
|
1mo ago |
Important: grafana security update |
| CVE-2025-4123 |
medium |
6.1 |
7.1 |
|
|
|
1y ago |
RHSA-2025:7894: grafana security update (Important) |
| CVE-2025-41117 |
medium |
— |
5.5 |
|
|
|
4mo ago |
Grafana has a Cross-site Scripting issue |
| CVE-2025-3454 |
medium |
— |
5.5 |
|
|
|
1y ago |
Grafana's datasource proxy API allows authorization checks to be bypassed in github.com/grafana/grafana |
| CVE-2021-41244 |
medium |
— |
5.5 |
|
|
|
2y ago |
Grafana Fine-grained access control vulnerability |
| CVE-2019-19499 |
medium |
— |
5.5 |
|
|
|
2y ago |
RHSA-2020:4682: grafana security, bug fix, and enhancement update (Moderate) |
| CVE-2022-39201 |
medium |
— |
5.5 |
|
|
|
3y ago |
Moderate: grafana security and enhancement update |
| CVE-2022-39324 |
medium |
— |
5.5 |
|
|
|
3y ago |
Moderate: grafana security and enhancement update |
| CVE-2022-39307 |
medium |
— |
5.5 |
|
|
|
3y ago |
Moderate: grafana security and enhancement update |
| CVE-2022-39306 |
medium |
— |
5.5 |
|
|
|
3y ago |
Moderate: grafana security and enhancement update |
| CVE-2022-31130 |
medium |
— |
5.5 |
|
|
|
3y ago |
Moderate: grafana security and enhancement update |
| CVE-2022-31123 |
medium |
— |
5.5 |
|
|
|
3y ago |
Moderate: grafana security and enhancement update |
| CVE-2023-3128 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:6972: grafana security and enhancement update (Moderate) |
| CVE-2022-39229 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:2784: grafana security update (Moderate) |
| CVE-2022-35957 |
medium |
— |
5.5 |
|
|
|
3y ago |
Moderate: grafana security and enhancement update |
| CVE-2022-21702 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2022:7519: grafana security, bug fix, and enhancement update (Moderate) |
| CVE-2022-21713 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2022:7519: grafana security, bug fix, and enhancement update (Moderate) |
| CVE-2020-24303 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2021:1859: grafana security, bug fix, and enhancement update (Moderate) |
| CVE-2020-11110 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2020:4682: grafana security, bug fix, and enhancement update (Moderate) |
| CVE-2018-18624 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2020:4682: grafana security, bug fix, and enhancement update (Moderate) |
| CVE-2020-13430 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2020:4682: grafana security, bug fix, and enhancement update (Moderate) |
| CVE-2020-12458 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2020:4682: grafana security, bug fix, and enhancement update (Moderate) |
| CVE-2020-12459 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2020:4682: grafana security, bug fix, and enhancement update (Moderate) |
| CVE-2020-12245 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2020:4682: grafana security, bug fix, and enhancement update (Moderate) |
| CVE-2021-27358 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2021:4226: grafana security, bug fix, and enhancement update (Moderate) |
| CVE-2019-13068 |
unknown |
— |
1.0 |
|
|
|
4y ago |
Grafana Cross-site Scripting vulnerability |
| CVE-2018-15727 |
unknown |
— |
1.0 |
|
|
|
4y ago |
Grafana Authentication Bypass in github.com/grafana/grafana |
| CVE-2026-21724 |
unknown |
— |
— |
|
|
|
2mo ago |
Grafana OSS: Authorization bypass allows users with Editor role to modify protected webhook URLs without permissions |
| CVE-2025-41115 |
unknown |
— |
— |
|
|
|
6mo ago |
Grafana Incorrect Privilege Assignment vulnerability in github.com/grafana/grafana |
| CVE-2025-6023 |
unknown |
— |
— |
|
|
|
11mo ago |
Grafana is vulnerable to XSS attacks through open redirects and path traversal in github.com/grafana/grafana |
| CVE-2025-3415 |
unknown |
— |
— |
|
|
|
11mo ago |
Grafana's insecure DingDing Alert integration exposes sensitive information in github.com/grafana/grafana |
| CVE-2025-1088 |
unknown |
— |
— |
|
|
|
1y ago |
Grafana long dashboard title or panel name causes unresponsives in github.com/grafana/grafana |
| CVE-2025-3260 |
unknown |
— |
— |
|
|
|
1y ago |
Grafana vulnerable to authenticated users bypassing dashboard, folder permissions in github.com/grafana/grafana |
| CVE-2024-11741 |
unknown |
— |
— |
|
|
|
1y ago |
Grafana Alerting VictorOps integration could be exposed to users with Viewer permission in github.com/grafana/grafana |
| CVE-2024-10452 |
unknown |
— |
— |
|
|
|
2y ago |
Grafana org admin can delete pending invites in different org in github.com/grafana/grafana |
| CVE-2024-9264 |
unknown |
— |
— |
|
|
|
2y ago |
Grafana Command Injection And Local File Inclusion Via Sql Expressions in github.com/grafana/grafana |
| CVE-2024-6322 |
unknown |
— |
— |
|
|
|
2y ago |
Grafana plugin data sources vulnerable to access control bypass in github.com/grafana/grafana |
| CVE-2022-36062 |
unknown |
— |
— |
|
|
|
2y ago |
Grafana folders admin only permission privilege escalation in github.com/grafana/grafana |
| CVE-2022-39328 |
unknown |
— |
— |
|
|
|
2y ago |
Grafana Race condition allowing privilege escalation in github.com/grafana/grafana |
| CVE-2022-31097 |
unknown |
— |
— |
|
|
|
2y ago |
Grafana Stored Cross-site Scripting in Unified Alerting in github.com/grafana/grafana |
| CVE-2024-1442 |
unknown |
— |
— |
|
|
|
2y ago |
Grafana's users with permissions to create a data source can CRUD all data sources in github.com/grafana/grafana |
| CVE-2023-6152 |
unknown |
— |
— |
|
|
|
2y ago |
Email Validation Bypass And Preventing Sign Up From Email's Owner |
| CVE-2018-12099 |
unknown |
— |
— |
|
|
|
2y ago |
Grafana Cross-site Scripting (XSS) in github.com/grafana/grafana |
| CVE-2018-18625 |
unknown |
— |
— |
|
|
|
2y ago |
Grafana XSS via adding a link in General feature in github.com/grafana/grafana |
| CVE-2018-18623 |
unknown |
— |
— |
|
|
|
2y ago |
Grafana XSS in Dashboard Text Panel in github.com/grafana/grafana |
| CVE-2023-4822 |
unknown |
— |
— |
|
|
|
3y ago |
Grafana privilege escalation vulnerability |
| CVE-2023-2183 |
unknown |
— |
— |
|
|
|
3y ago |
Grafana has Broken Access Control in Alert manager: Viewer can send test alerts |
| CVE-2023-2801 |
unknown |
— |
— |
|
|
|
3y ago |
Grafana Missing Synchronization vulnerability |
| CVE-2023-1410 |
unknown |
— |
— |
|
|
|
3y ago |
Grafana Stored Cross-site Scripting in Graphite FunctionDescription tooltip |
| CVE-2023-22462 |
unknown |
— |
— |
|
|
|
3y ago |
Grafana vulnerable to Stored Cross-site Scripting in Text plugin |
| CVE-2023-0594 |
unknown |
— |
— |
|
|
|
3y ago |
Grafana vulnerable to Cross-site Scripting |
| CVE-2023-0507 |
unknown |
— |
— |
|
|
|
3y ago |
Grafana vulnerable to Cross-site Scripting |
| CVE-2018-1000816 |
unknown |
— |
— |
|
|
|
4y ago |
Grafana XSS Vulnerability |
