Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

grafana — Vulnerabilities & Security Advisories 95

Browse all 95 CVE security advisories affecting grafana. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Grafana serves as a leading open-source platform for observability, enabling users to visualize metrics, logs, and traces from diverse data sources. Despite its utility, the software has accumulated 85 recorded Common Vulnerabilities and Exposures (CVEs), reflecting a history of security challenges. Historically, these flaws frequently involve remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation or improper access controls in its plugin ecosystem and API endpoints. While no single catastrophic incident has defined its entire lifecycle, the high volume of CVEs indicates persistent risks in its complex architecture. Security teams must prioritize regular patching and strict configuration management to mitigate these known weaknesses, ensuring that the platform’s robust visualization capabilities do not compromise underlying infrastructure integrity.

Found 57 results / 95Clear Filters
Top products by grafana: grafana Grafana OSS Grafana Enterprise grafana/grafana grafana-image-renderer Tempo Alloy Grafana Alerting Pyroscope Loki Grafana Correlations grafana/grafana-enterprise grafana-zabbix-plugin grafana-infinity-datasource Agent Flow OnCall grafana-json-datasource grafana-csv-datasource worldmap-panel google-sheets-datasource synthetic-monitoring-agent agent
CVE IDTitleCVSSSeverityPublished
CVE-2026-27879 Query resampling can cause unbounded memory allocations — Grafana 6.5 Medium2026-03-27
CVE-2026-28375 Grafana Testdata datasource can issue unbounded memory allocations — Grafana 6.5 Medium2026-03-27
CVE-2026-27876 RCE on Grafana via sqlExpressions — Grafana 9.1 Critical2026-03-27
CVE-2026-27880 OpenFeature evaluation API reads input data with no bounds — Grafana 7.5 High2026-03-27
CVE-2026-27877 Public dashboards discloses all direct mode datasources — Grafana 6.5 Medium2026-03-27
CVE-2026-21725 Authorization Bypass via TOCTOU in Grafana Datasource Deletion by Name — Grafana 2.6 Low2026-02-25
CVE-2025-6197 Grafana OSS 安全漏洞 — GrafanaCWE-601 4.2 Medium2025-07-18
CVE-2025-6023 Grafana OSS 安全漏洞 — GrafanaCWE-601 7.6 High2025-07-18
CVE-2025-3415 Grafana 安全漏洞 — GrafanaCWE-200 4.3 Medium2025-07-17
CVE-2025-1088 Very long unicode dashboard title or panel name can hang the frontend — GrafanaCWE-20 2.7 Low2025-06-18
CVE-2025-3454 Grafana 安全漏洞 — GrafanaCWE-285 5.0 Medium2025-06-02
CVE-2025-3260 Grafana 安全漏洞 — GrafanaCWE-863 8.3 High2025-06-02
CVE-2025-3580 Grafana OSS 安全漏洞 — GrafanaCWE-284 5.5 Medium2025-05-23
CVE-2025-4123 Grafana 安全漏洞 — GrafanaCWE-79 7.6 High2025-05-22
CVE-2025-2703 Grafana 安全漏洞 — GrafanaCWE-79 6.8 Medium2025-04-23
CVE-2024-11741 Grafana 安全漏洞 — GrafanaCWE-200 4.3 Medium2025-01-31
CVE-2024-10452 Grafana 安全漏洞 — GrafanaCWE-639 2.2 Low2024-10-29
CVE-2024-9264 Grafana SQL Expressions allow for remote code execution — GrafanaCWE-94 9.9 Critical2024-10-18
CVE-2024-8118 Grafana alerting wrong permission on datasource rule write endpoint — GrafanaCWE-653 4.3AIMediumAI2024-09-26
CVE-2024-6322 Grafana 安全漏洞 — GrafanaCWE-266 4.4 Medium2024-08-20
CVE-2024-1313 Users outside an organization can delete a snapshot with its key — GrafanaCWE-639 6.5 Medium2024-03-26
CVE-2024-1442 User with permissions to create a data source can CRUD all data sources — GrafanaCWE-269 6.0 Medium2024-03-07
CVE-2023-6152 Grafana 安全漏洞 — GrafanaCWE-863 5.4 Medium2024-02-13
CVE-2023-3128 Grafana 安全漏洞 — GrafanaCWE-290 9.4 Critical2023-06-22
CVE-2023-2183 Grafana 安全漏洞 — GrafanaCWE-284 4.1 Medium2023-06-06
CVE-2023-2801 Grafana 安全漏洞 — GrafanaCWE-820 7.5 High2023-06-06
CVE-2023-1387 Grafana 安全漏洞 — GrafanaCWE-200 4.2 Medium2023-04-26
CVE-2023-1410 Stored XSS in Graphite FunctionDescription tooltip — GrafanaCWE-79 6.2 Medium2023-03-23
CVE-2023-22462 Stored XSS in Grafana Text plugin — grafanaCWE-79 6.4 Medium2023-03-02
CVE-2023-0594 Grafana 跨站脚本漏洞 — GrafanaCWE-79 7.3 High2023-03-01

This page lists every published CVE security advisory associated with grafana. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.