
grafana — Vulnerabilities & Security Advisories (85)

Browse all 85 CVE security advisories affecting grafana. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Grafana serves as a leading open-source platform for observability, enabling users to visualize metrics, logs, and traces from diverse data sources. Despite its utility, the software has accumulated 85 recorded Common Vulnerabilities and Exposures (CVEs), reflecting a history of security challenges. Historically, these flaws frequently involve remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation or improper access controls in its plugin ecosystem and API endpoints. While no single catastrophic incident has defined its entire lifecycle, the high volume of CVEs indicates persistent risks in its complex architecture. Security teams must prioritize regular patching and strict configuration management to mitigate these known weaknesses, ensuring that the platform’s robust visualization capabilities do not compromise underlying infrastructure integrity.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-39307 | Grafana subject to Exposure of Sensitive Information resulting in User enumeration via forget password — grafana (CWE-200) | 6.7 | Medium | 2022-11-09 |
| CVE-2022-39306 | Grafana contains Improper Input Validation — grafana (CWE-20) | 6.4 | Medium | 2022-11-09 |
| CVE-2022-39328 | Grafana vulnerable to race condition allowing privilege escalation — grafana (CWE-362) | 9.8 | Critical | 2022-11-08 |
| CVE-2022-39229 | Grafana users with email as a username can block other users from signing in — grafana (CWE-287) | 4.3 | Medium | 2022-10-13 |
| CVE-2022-31123 | Grafana plugin signature bypass vulnerability — grafana (CWE-347) | 6.1 | Medium | 2022-10-13 |
| CVE-2022-31130 | Grafana data source and plugin proxy endpoints leaking authentication tokens to some destination plugins — grafana (CWE-200) | 4.9 | Medium | 2022-10-13 |
| CVE-2022-39201 | Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins — grafana (CWE-200) | 6.8 | Medium | 2022-10-13 |
| CVE-2022-36062 | Grafana folders admin only permission privilege escalation — grafana (CWE-281) | 7.6 | High | 2022-09-22 |
| CVE-2022-35957 | Authentication Bypass in Grafana via auth proxy allowing escalation from admin to server admin — grafana (CWE-290) | 6.6 | Medium | 2022-09-20 |
| CVE-2022-31176 | Grafana Image Renderer leaking files — grafana-image-renderer (CWE-200) | 8.3 | High | 2022-09-02 |
| CVE-2022-31107 | Grafana account takeover via OAuth vulnerability — grafana (CWE-863) | 7.1 | High | 2022-07-15 |
| CVE-2022-31097 | Stored XSS in Grafana's Unified Alerting — grafana (CWE-79) | 7.3 | High | 2022-07-15 |
| CVE-2022-29170 | Grafana Enterprise datasource network restrictions bypass via HTTP redirects — grafana (CWE-601) | 6.6 | Medium | 2022-05-20 |
| CVE-2022-24812 | FGAC API Key privilege escalation in Grafana — grafana (CWE-269) | 8.0 | High | 2022-04-12 |
| CVE-2022-21713 | Exposure of Sensitive Information in Grafana — grafana (CWE-863) | 4.3 | Medium | 2022-02-08 |
| CVE-2022-21703 | Cross Site Request Forgery in Grafana — grafana (CWE-352) | 6.3 | Medium | 2022-02-08 |
| CVE-2022-21702 | Cross site scripting in Grafana proxy — grafana (CWE-79) | 6.5 | Medium | 2022-02-08 |
| CVE-2022-21673 | OAuth Identity Token exposure in Grafana — grafana (CWE-200) | 4.3 | Medium | 2022-01-18 |
| CVE-2021-43815 | Grafana directory traversal for `.cvs` files — grafana (CWE-22) | 4.3 | Medium | 2021-12-10 |
| CVE-2021-43813 | Directory Traversal in Grafana — grafana (CWE-22) | 4.3 | Medium | 2021-12-10 |
| CVE-2021-41090 | Instance config inline secret exposure — agent (CWE-200) | 6.5 | Medium | 2021-12-08 |
| CVE-2021-43798 | Grafana path traversal — grafana (CWE-22) | 7.5 | High | 2021-12-07 |
| CVE-2021-41244 | Cross organization admin control in Grafana — grafana (CWE-610) | 9.1 | Critical | 2021-11-15 |
| CVE-2021-41174 | XSS vulnerability allowing arbitrary JavaScript execution — grafana (CWE-79) | 6.9 | Medium | 2021-11-03 |
| CVE-2021-39226 | Snapshot authentication bypass in grafana — grafana (CWE-287) | 9.8 | Critical | 2021-10-05 |

This page lists every published CVE security advisory associated with grafana. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.