Grafana Labs — Vulnerabilities & Security Advisories (3)

Browse all 3 CVE security advisories affecting Grafana Labs. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Grafana Labs develops the open-source observability platform Grafana, used for visualizing metrics and logs. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and authentication flaws. While no major public security incidents have been widely reported, the platform's three recorded CVEs highlight potential risks in its extensibility and plugin ecosystem. Security researchers have noted that misconfigurations can expose sensitive data, and the platform's popularity makes it a target for attackers seeking to compromise monitoring infrastructure.

| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-41116 | Incorrect oauth passthrough in Grafana Databricks Datasource | Grafana Databricks Datasource Plugin | CWE-653 | 7.5 | - | 2025-11-11 |
| CVE-2025-3717 | Incorrect oauth passthrough in Grafana Snowflake Datasource | Grafana Snowflake Datasource Plugin | CWE-653 | 5.3 | - | 2025-11-11 |
| CVE-2024-9476 | Privilege escalation vulnerability for Organizations in Grafana | Grafana OSS and Enterprise | CWE-266 | 8.8 (AI) | High (AI) | 2024-11-13 |

This page lists every published CVE security advisory associated with Grafana Labs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.