Grafana — Vulnerabilities & Security Advisories (85)

Browse all 85 CVE security advisories affecting Grafana. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Grafana serves as a leading open-source platform for observability, enabling users to visualize metrics, logs, and traces from diverse data sources. Despite its utility, the software has accumulated 85 recorded Common Vulnerabilities and Exposures (CVEs), reflecting a history of security challenges. Historically, these flaws frequently involve remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation or improper access controls in its plugin ecosystem and API endpoints. While no single catastrophic incident has defined its entire lifecycle, the high volume of CVEs indicates persistent risks in its complex architecture. Security teams must prioritize regular patching and strict configuration management to mitigate these known weaknesses, ensuring that the platform’s robust visualization capabilities do not compromise underlying infrastructure integrity.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-2703 | Grafana security vulnerability | Grafana | CWE-79 | 6.8 | Medium | 2025-04-23 |
| CVE-2024-11741 | Grafana security vulnerability | Grafana | CWE-200 | 4.3 | Medium | 2025-01-31 |
| CVE-2024-10452 | Grafana security vulnerability | Grafana | CWE-639 | 2.2 | Low | 2024-10-29 |
| CVE-2024-9264 | Grafana SQL Expressions allow for remote code execution | Grafana | CWE-94 | 9.9 | Critical | 2024-10-18 |
| CVE-2024-8118 | Grafana alerting wrong permission on datasource rule write endpoint | Grafana | CWE-653 | 4.3 (AI) | Medium (AI) | 2024-09-26 |
| CVE-2024-8996 | Grafana Agent Flow on Windows Unquoted service path | Agent Flow | CWE-428 | 7.3 | High | 2024-09-25 |
| CVE-2024-8975 | Grafana Alloy on Windows Unquoted service path | Alloy | CWE-428 | 7.3 | High | 2024-09-25 |
| CVE-2024-6322 | Grafana security vulnerability | Grafana | CWE-266 | 4.4 | Medium | 2024-08-20 |
| CVE-2024-5526 | Grafana OnCall security vulnerability | OnCall | CWE-918 | 7.7 | High | 2024-06-05 |
| CVE-2024-1313 | Users outside an organization can delete a snapshot with its key | Grafana | CWE-639 | 6.5 | Medium | 2024-03-26 |
| CVE-2024-1442 | User with permissions to create a data source can CRUD all data sources | Grafana | CWE-269 | 6.0 | Medium | 2024-03-07 |
| CVE-2023-5122 | SSRF in CSV Datasource Plugin | grafana-csv-datasource | CWE-918 | 5.0 | Medium | 2024-02-14 |
| CVE-2023-5123 | Improper Path Sanitization in JSON Datasource Plugin | grafana-json-datasource | CWE-22 | 8.0 | High | 2024-02-14 |
| CVE-2023-6152 | Grafana security vulnerability | Grafana | CWE-863 | 5.4 | Medium | 2024-02-13 |
| CVE-2023-3010 | Grafana cross-site scripting vulnerability | worldmap-panel | CWE-79 | 7.3 | High | 2023-10-25 |
| CVE-2023-4399 | Grafana security vulnerability | Grafana Enterprise | CWE-183 | 6.6 | Medium | 2023-10-17 |
| CVE-2023-4457 | Grafana security vulnerability | google-sheets-datasource | CWE-209 | 5.5 | Medium | 2023-10-16 |
| CVE-2023-4822 | Grafana security vulnerability | Grafana Enterprise | CWE-269 | 6.7 | Medium | 2023-10-16 |
| CVE-2023-3128 | Grafana security vulnerability | Grafana | CWE-290 | 9.4 | Critical | 2023-06-22 |
| CVE-2023-2183 | Grafana security vulnerability | Grafana | CWE-284 | 4.1 | Medium | 2023-06-06 |
| CVE-2023-2801 | Grafana security vulnerability | Grafana | CWE-820 | 7.5 | High | 2023-06-06 |
| CVE-2023-1387 | Grafana security vulnerability | Grafana | CWE-200 | 4.2 | Medium | 2023-04-26 |
| CVE-2023-1410 | Stored XSS in Graphite FunctionDescription tooltip | Grafana | CWE-79 | 6.2 | Medium | 2023-03-23 |
| CVE-2023-22462 | Stored XSS in Grafana Text plugin | grafana | CWE-79 | 6.4 | Medium | 2023-03-02 |
| CVE-2023-0594 | Grafana cross-site scripting vulnerability | Grafana | CWE-79 | 7.3 | High | 2023-03-01 |
| CVE-2023-0507 | Grafana cross-site scripting vulnerability | Grafana | CWE-79 | 7.3 | High | 2023-03-01 |
| CVE-2022-23498 | When query caching is enabled in Grafana users can query another users session | grafana | CWE-200 | 7.1 | High | 2023-02-03 |
| CVE-2022-23552 | Grafana stored XSS in FileUploader component | grafana | CWE-79 | 7.3 | High | 2023-01-27 |
| CVE-2022-39324 | Grafana vulnerable to spoofing originalUrl of snapshots | grafana | CWE-79 | 6.7 | Medium | 2023-01-27 |
| CVE-2022-46156 | Grafana's default installation of `synthetic-monitoring-agent` exposes sensitive information | synthetic-monitoring-agent | CWE-489 | 7.2 | High | 2022-11-30 |

This page lists every published CVE security advisory associated with Grafana. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.