pkg:Go/github.com/grafana/grafana

96 total CVEs: CRITICAL 10, HIGH 16, MEDIUM 66, LOW 4

All known vulnerabilities

  • HIGH 7.5 · CVE-2021-43798 · ⚠ KEV · Grafana path traversal
    >= 8.3.0, < 8.3.1
  • HIGH 7.3 · CVE-2021-39226 · ⚠ KEV · Authentication bypass for viewing and deletions of snapshots
    from 0, < 7.5.11
  • CRITICAL 10.0 · CVE-2025-41115 · Grafana Incorrect Privilege Assignment vulnerability in github.com/grafana/grafana
    >= 1.9.2-0.20250310110405-e6fdb746f235
  • CRITICAL 10.0 · CVE-2025-41115 · Grafana Incorrect Privilege Assignment vulnerability in github.com/grafana/grafana
    >= 12.0.0, < 12.0.7
  • CRITICAL 9.9 · CVE-2024-9264 · Grafana Command Injection And Local File Inclusion Via Sql Expressions in github.com/grafana/grafana
    from 0
  • CRITICAL 9.9 · CVE-2024-9264 · Grafana Command Injection And Local File Inclusion Via Sql Expressions in github.com/grafana/grafana
    >= 11.0.0, < 11.0.6+security-01
  • CRITICAL 9.8 · CVE-2022-39328 · Grafana vulnerable to race condition allowing privilege escalation
    from 0
  • CRITICAL 9.8 · CVE-2022-39328 · Grafana vulnerable to race condition allowing privilege escalation
    >= 9.2.0, < 9.2.4
  • CRITICAL 9.8 · CVE-2018-15727 · Grafana Authentication Bypass in github.com/grafana/grafana
    from 0, < 4.6.4
  • CRITICAL 9.8 · CVE-2018-15727 · Grafana Authentication Bypass in github.com/grafana/grafana
    from 0, < 4.6.4+incompatible, >= 5.0.0+incompatible, < 5.2.3+incompatible
  • CRITICAL 9.4 · CVE-2023-3128 · Grafana vulnerable to Authentication Bypass by Spoofing
    >= 9.4.0, < 9.4.13
  • CRITICAL 9.1 · CVE-2021-41244 · Grafana Fine-grained access control vulnerability
    >= 8.0.0, < 8.2.4
  • HIGH 8.3 · CVE-2025-3260 · Grafana vulnerable to authenticated users bypassing dashboard, folder permissions in github.com/grafana/grafana
    >= 0.0.0-20250114093457-36d6fad421fb, < 0.0.0-20250521183405-c7a690348df7
  • HIGH 8.3 · CVE-2025-3260 · Grafana vulnerable to authenticated users bypassing dashboard, folder permissions in github.com/grafana/grafana
    >= 0.0.0-20250114093457-36d6fad421fb
  • HIGH 8.2 · CVE-2021-27358 · Denial of service in Grafana
    >= 6.7.3, < 7.4.2
  • HIGH 7.6 · CVE-2025-6023 · Grafana is vulnerable to XSS attacks through open redirects and path traversal in github.com/grafana/grafana
    from 0
  • HIGH 7.6 · CVE-2025-6023 · Grafana is vulnerable to XSS attacks through open redirects and path traversal in github.com/grafana/grafana
    from 0, < 1.9.2-0.20250521205822-0ba0b99665a9
  • HIGH 7.6 · CVE-2025-4123 · Grafana Cross-Site-Scripting (XSS) via custom loaded frontend plugin
    from 0
  • HIGH 7.6 · CVE-2025-4123 · Grafana Cross-Site-Scripting (XSS) via custom loaded frontend plugin
    from 0, < 0.0.0-20250521183405-c7a690348df7
  • HIGH 7.6 · CVE-2022-36062 · Grafana folders admin only permission privilege escalation in github.com/grafana/grafana
    from 0
  • HIGH 7.6 · CVE-2022-36062 · Grafana folders admin only permission privilege escalation in github.com/grafana/grafana
    >= 8.5.0, < 8.5.13
  • HIGH 7.5 · CVE-2023-2801 · Grafana Missing Synchronization vulnerability
    from 0, < 9.4.12
  • HIGH 7.3 · CVE-2022-31097 · Stored XSS in Grafana's Unified Alerting
    from 0
  • HIGH 7.3 · CVE-2022-31097 · Stored XSS in Grafana's Unified Alerting
    >= 9.0.0, < 9.0.3
  • HIGH 7.1 · CVE-2022-31107 · Grafana account takeover via OAuth vulnerability
    from 0
  • HIGH 7.1 · CVE-2022-31107 · Grafana account takeover via OAuth vulnerability
    >= 5.3.0-beta1, < 8.3.10
  • MEDIUM 6.8 · CVE-2025-41117 · XSS in Grafana Explore stack trace
    >= 12.2.0, < 12.2.5
  • MEDIUM 6.8 · CVE-2022-39201 · Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins
    >= 5.0.0-beta1, < 8.5.14
  • MEDIUM 6.8 · CVE-2022-39201 · Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins
    >= 5.0.0-beta1+incompatible
  • MEDIUM 6.8 · CVE-2022-21702 · Cross site scripting in Grafana proxy
    >= 2.0.0-beta1, < 7.5.15
  • MEDIUM 6.7 · CVE-2022-39307 · Grafana User enumeration via forget password in github.com/grafana/grafana
    from 0
  • MEDIUM 6.7 · CVE-2022-39307 · Grafana User enumeration via forget password in github.com/grafana/grafana
    >= 9.0.0, < 9.2.4
  • MEDIUM 6.7 · CVE-2022-39324 · Grafana Spoofing originalUrl of snapshots
    from 0
  • MEDIUM 6.7 · CVE-2022-39324 · Grafana Spoofing originalUrl of snapshots
    >= 9.0.0, < 9.2.8
  • MEDIUM 6.7 · CVE-2023-4822 · Grafana privilege escalation vulnerability
    from 0, <= 10.1.5
  • MEDIUM 6.6 · CVE-2022-35957 · Grafana Escalation from admin to server admin when auth proxy is used in github.com/grafana/grafana
    >= 9.1.0, < 9.1.6
  • MEDIUM 6.6 · CVE-2022-35957 · Grafana Escalation from admin to server admin when auth proxy is used in github.com/grafana/grafana
    from 0
  • MEDIUM 6.5 · CVE-2026-27877 · Grafana public dashboards disclose all direct mode datasources
    >= 9.3.0
  • MEDIUM 6.5 · CVE-2024-1313 · Users outside an organization can delete a snapshot with its key
    from 0
  • MEDIUM 6.5 · CVE-2024-1313 · Users outside an organization can delete a snapshot with its key
    >= 9.5.0, < 9.5.18
  • MEDIUM 6.5 · CVE-2019-19499 · Grafana Arbitrary File Read
    from 0, < 6.4.4
  • MEDIUM 6.5 · CVE-2019-19499 · Grafana Arbitrary File Read
    from 0
  • MEDIUM 6.4 · CVE-2022-39306 · Grafana contains Improper Input Validation
    from 0
  • MEDIUM 6.4 · CVE-2022-39306 · Grafana contains Improper Input Validation
    >= 8.0.0, < 8.5.15
  • MEDIUM 6.4 · CVE-2023-22462 · Stored XSS in Grafana Text plugin
    >= 9.2.0, < 9.2.10
  • MEDIUM 6.2 · CVE-2023-1410 · Grafana Stored Cross-site Scripting in Graphite FunctionDescription tooltip
    >= 8.0.0, < 8.5.22
  • MEDIUM 6.1 · CVE-2022-31123 · Grafana Plugin signature bypass in github.com/grafana/grafana
    >= 9.0.0, < 9.1.8
  • MEDIUM 6.1 · CVE-2022-31123 · Grafana Plugin signature bypass in github.com/grafana/grafana
    from 0
  • MEDIUM 6.1 · CVE-2018-12099 · Grafana Cross-site Scripting (XSS) in github.com/grafana/grafana
    from 0, < 5.2.0-beta1+incompatible
  • MEDIUM 6.1 · CVE-2018-12099 · Grafana Cross-site Scripting (XSS) in github.com/grafana/grafana
    from 0, < 5.2.0-beta1
  • MEDIUM 6.1 · CVE-2018-18625 · Grafana XSS via adding a link in General feature in github.com/grafana/grafana
    from 0, < 6.0.0-beta1
  • MEDIUM 6.1 · CVE-2018-18625 · Grafana XSS via adding a link in General feature in github.com/grafana/grafana
    from 0, < 6.0.0-beta1+incompatible
  • MEDIUM 6.1 · CVE-2018-18623 · Grafana XSS in Dashboard Text Panel in github.com/grafana/grafana
    from 0, < 6.0.0-beta1+incompatible
  • MEDIUM 6.1 · CVE-2018-18623 · Grafana XSS in Dashboard Text Panel in github.com/grafana/grafana
    from 0, < 6.0.0-beta1
  • MEDIUM 6.1 · CVE-2020-24303 · Grafana XSS via a query alias for the ElasticSearch datasource in github.com/grafana/grafana
    from 0, < 7.1.0-beta1
  • MEDIUM 6.1 · CVE-2020-24303 · Grafana XSS via a query alias for the ElasticSearch datasource in github.com/grafana/grafana
    from 0
  • MEDIUM 6.1 · CVE-2018-18624 · Grafana XSS via a column style in github.com/grafana/grafana
    from 0
  • MEDIUM 6.1 · CVE-2018-18624 · Grafana XSS via a column style in github.com/grafana/grafana
    from 0, < 7.0.0
  • MEDIUM 6.1 · CVE-2020-13430 · Grafana XSS via the OpenTSDB datasource in github.com/grafana/grafana
    from 0, < 7.0.0
  • MEDIUM 6.1 · CVE-2020-13430 · Grafana XSS via the OpenTSDB datasource in github.com/grafana/grafana
    from 0
  • MEDIUM 6.1 · CVE-2020-12245 · Grafana XSS in header column rename in github.com/grafana/grafana
    from 0, < 6.7.3
  • MEDIUM 6.1 · CVE-2020-12245 · Grafana XSS in header column rename in github.com/grafana/grafana
    from 0
  • MEDIUM 6.0 · CVE-2024-1442 · Grafana's users with permissions to create a data source can CRUD all data sources
    from 0
  • MEDIUM 6.0 · CVE-2024-1442 · Grafana's users with permissions to create a data source can CRUD all data sources
    >= 8.5.0, < 9.5.7
  • MEDIUM 5.8 · CVE-2020-13379 · Server Side Request Forgery in Grafana
    >= 3.0.1, < 6.7.4
  • MEDIUM 5.5 · CVE-2020-12458 · Grafana information disclosure in github.com/grafana/grafana
    from 0
  • MEDIUM 5.5 · CVE-2020-12458 · Grafana information disclosure in github.com/grafana/grafana
    from 0, < 7.2.1
  • MEDIUM 5.5 · CVE-2020-12459 · Grafana world readable configuration files
    from 0
  • MEDIUM 5.5 · CVE-2020-12459 · Grafana world readable configuration files
    >= 6.0.0-beta1, < 7.2.1
  • MEDIUM 5.4 · CVE-2026-21724 · Missing Protected-field Authorization in Provisioning Contact Points API
    from 0, < 1.9.2-0.20260323180334-daffe750de85
  • MEDIUM 5.4 · CVE-2023-6152 · Email Validation Bypass And Preventing Sign Up From Email's Owner
    >= 2.5.0, < 9.5.16
  • MEDIUM 5.4 · CVE-2023-0594 · Grafana vulnerable to Cross-site Scripting
    >= 7.0.0, < 8.5.21
  • MEDIUM 5.4 · CVE-2023-0507 · Grafana vulnerable to Cross-site Scripting
    >= 8.1.0, < 8.5.21
  • MEDIUM 5.4 · CVE-2020-11110 · Grafana stored XSS in github.com/grafana/grafana
    from 0, < 6.7.2
  • MEDIUM 5.4 · CVE-2020-11110 · Grafana stored XSS in github.com/grafana/grafana
    from 0
  • MEDIUM 5.4 · CVE-2019-13068 · Grafana Cross-site Scripting vulnerability
    from 0, < 6.2.5
  • MEDIUM 5.4 · CVE-2018-1000816 · Grafana XSS Vulnerability
    from 0, < 5.3.2
  • MEDIUM 5.0 · CVE-2025-3454 · Grafana's datasource proxy API allows authorization checks to be bypassed in github.com/grafana/grafana
    >= 0.0.0-20210414170620-dadccdda06e6
  • MEDIUM 5.0 · CVE-2025-3454 · Grafana's datasource proxy API allows authorization checks to be bypassed in github.com/grafana/grafana
    >= 0.0.0-20210414170620-dadccdda06e6, < 0.0.0-20250424191517-1f707d16ed5d
  • MEDIUM 4.9 · CVE-2022-31130 · Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
    >= 9.0.0, < 9.1.8
  • MEDIUM 4.9 · CVE-2022-31130 · Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
    from 0
  • MEDIUM 4.4 · CVE-2024-6322 · Grafana plugin data sources vulnerable to access control bypass in github.com/grafana/grafana
    >= 11.1.0, < 11.1.1
  • MEDIUM 4.4 · CVE-2024-6322 · Grafana plugin data sources vulnerable to access control bypass in github.com/grafana/grafana
    from 0
  • MEDIUM 4.3 · CVE-2025-3415 · Grafana's insecure DingDing Alert integration exposes sensitive information in github.com/grafana/grafana
    from 0
  • MEDIUM 4.3 · CVE-2025-3415 · Grafana's insecure DingDing Alert integration exposes sensitive information in github.com/grafana/grafana
    from 0, < 1.9.2-0.20250514160932-04111e9f2afd
  • MEDIUM 4.3 · CVE-2024-11741 · Grafana Alerting VictorOps integration could be exposed to users with Viewer permission
    >= 11.4.0, < 11.4.1
  • MEDIUM 4.3 · CVE-2024-11741 · Grafana Alerting VictorOps integration could be exposed to users with Viewer permission
    from 0
  • MEDIUM 4.3 · CVE-2022-39229 · Grafana when using email as a username can block other users from signing in in github.com/grafana/grafana
    from 0, < 8.5.14
  • MEDIUM 4.3 · CVE-2022-39229 · Grafana when using email as a username can block other users from signing in in github.com/grafana/grafana
    from 0
  • MEDIUM 4.3 · CVE-2022-21713 · Exposure of Sensitive Information in Grafana
    >= 5.0.0-beta1, < 7.5.15
  • MEDIUM 4.3 · CVE-2021-43815 · Grafana directory traversal for .cvs files
    >= 8.0.0-beta3, < 8.3.2
  • MEDIUM 4.1 · CVE-2023-2183 · Grafana has Broken Access Control in Alert manager: Viewer can send test alerts
    from 0, < 8.5.26
  • LOW 2.7 · CVE-2025-1088 · Grafana long dashboard title or panel name causes unresponsives in github.com/grafana/grafana
    from 0, < 0.0.0-20250521211231-e0ba4b480954, >= 0.0.1-test
  • LOW 2.7 · CVE-2025-1088 · Grafana long dashboard title or panel name causes unresponsives in github.com/grafana/grafana
    >= 0.0.1-test, < 11.6.2
  • LOW 2.2 · CVE-2024-10452 · Grafana org admin can delete pending invites in different org in github.com/grafana/grafana
    from 0
  • LOW 2.2 · CVE-2024-10452 · Grafana org admin can delete pending invites in different org in github.com/grafana/grafana
    from 0, <= 10.4.0