
grafana — Vulnerabilities & Security Advisories (95)

Browse all 95 CVE security advisories affecting grafana. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Grafana serves as a leading open-source platform for observability, enabling users to visualize metrics, logs, and traces from diverse data sources. Despite its utility, the software has accumulated 85 recorded Common Vulnerabilities and Exposures (CVEs), reflecting a history of security challenges. Historically, these flaws frequently involve remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation or improper access controls in its plugin ecosystem and API endpoints. While no single catastrophic incident has defined its entire lifecycle, the high volume of CVEs indicates persistent risks in its complex architecture. Security teams must prioritize regular patching and strict configuration management to mitigate these known weaknesses, ensuring that the platform’s robust visualization capabilities do not compromise underlying infrastructure integrity.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-2801 | Grafana security vulnerability | Grafana | CWE-820 | 7.5 | High | 2023-06-06 |
| CVE-2023-1387 | Grafana security vulnerability | Grafana | CWE-200 | 4.2 | Medium | 2023-04-26 |
| CVE-2023-1410 | Stored XSS in Graphite FunctionDescription tooltip | Grafana | CWE-79 | 6.2 | Medium | 2023-03-23 |
| CVE-2023-22462 | Stored XSS in Grafana Text plugin | grafana | CWE-79 | 6.4 | Medium | 2023-03-02 |
| CVE-2023-0594 | Grafana cross-site scripting vulnerability | Grafana | CWE-79 | 7.3 | High | 2023-03-01 |
| CVE-2023-0507 | Grafana cross-site scripting vulnerability | Grafana | CWE-79 | 7.3 | High | 2023-03-01 |
| CVE-2022-23498 | When query caching is enabled in Grafana users can query another users session | grafana | CWE-200 | 7.1 | High | 2023-02-03 |
| CVE-2022-23552 | Grafana stored XSS in FileUploader component | grafana | CWE-79 | 7.3 | High | 2023-01-27 |
| CVE-2022-39324 | Grafana vulnerable to spoofing originalUrl of snapshots | grafana | CWE-79 | 6.7 | Medium | 2023-01-27 |
| CVE-2022-46156 | Grafana's default installation of `synthetic-monitoring-agent` exposes sensitive information | synthetic-monitoring-agent | CWE-489 | 7.2 | High | 2022-11-30 |
| CVE-2022-39306 | Grafana contains Improper Input Validation | grafana | CWE-20 | 6.4 | Medium | 2022-11-09 |
| CVE-2022-39307 | Grafana subject to Exposure of Sensitive Information resulting in User enumeration via forget password | grafana | CWE-200 | 6.7 | Medium | 2022-11-09 |
| CVE-2022-39328 | Grafana vulnerable to race condition allowing privilege escalation | grafana | CWE-362 | 9.8 | Critical | 2022-11-08 |
| CVE-2022-39229 | Grafana users with email as a username can block other users from signing in | grafana | CWE-287 | 4.3 | Medium | 2022-10-13 |
| CVE-2022-31123 | Grafana plugin signature bypass vulnerability | grafana | CWE-347 | 6.1 | Medium | 2022-10-13 |
| CVE-2022-31130 | Grafana data source and plugin proxy endpoints leaking authentication tokens to some destination plugins | grafana | CWE-200 | 4.9 | Medium | 2022-10-13 |
| CVE-2022-39201 | Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins | grafana | CWE-200 | 6.8 | Medium | 2022-10-13 |
| CVE-2022-36062 | Grafana folders admin only permission privilege escalation | grafana | CWE-281 | 7.6 | High | 2022-09-22 |
| CVE-2022-35957 | Authentication Bypass in Grafana via auth proxy allowing escalation from admin to server admin | grafana | CWE-290 | 6.6 | Medium | 2022-09-20 |
| CVE-2022-31176 | Grafana Image Renderer leaking files | grafana-image-renderer | CWE-200 | 8.3 | High | 2022-09-02 |
| CVE-2022-31107 | Grafana account takeover via OAuth vulnerability | grafana | CWE-863 | 7.1 | High | 2022-07-15 |
| CVE-2022-31097 | Stored XSS in Grafana's Unified Alerting | grafana | CWE-79 | 7.3 | High | 2022-07-15 |
| CVE-2022-29170 | Grafana Enterprise datasource network restrictions bypass via HTTP redirects | grafana | CWE-601 | 6.6 | Medium | 2022-05-20 |
| CVE-2022-24812 | FGAC API Key privilege escalation in Grafana | grafana | CWE-269 | 8.0 | High | 2022-04-12 |
| CVE-2022-21713 | Exposure of Sensitive Information in Grafana | grafana | CWE-863 | 4.3 | Medium | 2022-02-08 |
| CVE-2022-21703 | Cross Site Request Forgery in Grafana | grafana | CWE-352 | 6.3 | Medium | 2022-02-08 |
| CVE-2022-21702 | Cross site scripting in Grafana proxy | grafana | CWE-79 | 6.5 | Medium | 2022-02-08 |
| CVE-2022-21673 | OAuth Identity Token exposure in Grafana | grafana | CWE-200 | 4.3 | Medium | 2022-01-18 |
| CVE-2021-43815 | Grafana directory traversal for `.cvs` files | grafana | CWE-22 | 4.3 | Medium | 2021-12-10 |
| CVE-2021-43813 | Directory Traversal in Grafana | grafana | CWE-22 | 4.3 | Medium | 2021-12-10 |

This page lists every published CVE security advisory associated with grafana. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.