github.com/grafana/grafana vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2026-33381 | Medium | github.com/grafana/grafana: Grafana: Users can generate Service Account tokens after permissions removal |
| CVE-2026-33380 | Medium | github.com/grafana/grafana: Grafana: SQL Expressions Read File From Disk |
| CVE-2026-27877 | Medium | github.com/grafana/grafana: Grafana public dashboards disclose all direct mode datasources |
| CVE-2026-21724 | Medium | github.com/grafana/grafana: Grafana OSS: Authorization bypass allows users with Editor role to modify protected webhook URLs… |
| CVE-2025-41117 | Medium | github.com/grafana/grafana: Grafana has a Cross-site Scripting issue |
| CVE-2025-41115 | Critical | github.com/grafana/grafana: Grafana Incorrect Privilege Assignment vulnerability |
| CVE-2025-6023 | High | github.com/grafana/grafana: Grafana is vulnerable to XSS attacks through open redirects and path traversal |
| CVE-2025-3415 | Medium | github.com/grafana/grafana: Grafana's insecure DingDing Alert integration exposes sensitive information |
| CVE-2025-1088 | Low | github.com/grafana/grafana: Grafana long dashboard title or panel name causes unresponsives |
| CVE-2025-3454 | Medium | github.com/grafana/grafana: Grafana's datasource proxy API allows authorization checks to be bypassed |
| CVE-2025-3260 | High | github.com/grafana/grafana: Grafana vulnerable to authenticated users bypassing dashboard, folder permissions |
| CVE-2025-4123 | High | github.com/grafana/grafana: Grafana Cross-Site-Scripting (XSS) via custom loaded frontend plugin |
| CVE-2024-11741 | Medium | github.com/grafana/grafana: Grafana Alerting VictorOps integration could be exposed to users with Viewer permission |
| CVE-2024-10452 | Low | github.com/grafana/grafana: Grafana org admin can delete pending invites in different org |
| CVE-2024-9264 | Critical | github.com/grafana/grafana: Grafana Command Injection And Local File Inclusion Via Sql Expressions |
| CVE-2024-6322 | Medium | github.com/grafana/grafana: Grafana plugin data sources vulnerable to access control bypass |
| CVE-2022-36062 | High | github.com/grafana/grafana: Grafana folders admin only permission privilege escalation |
| CVE-2022-39201 | High | github.com/grafana/grafana: Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some… |
| CVE-2022-39229 | Medium | github.com/grafana/grafana: Grafana when using email as a username can block other users from signing in |
| CVE-2022-39306 | High | github.com/grafana/grafana: Grafana Email addresses and usernames can not be trusted |
| CVE-2022-39307 | High | github.com/grafana/grafana: Grafana User enumeration via forget password |
| CVE-2022-39324 | Medium | github.com/grafana/grafana: Grafana Spoofing originalUrl of snapshots |
| CVE-2022-39328 | Critical | github.com/grafana/grafana: Grafana Race condition allowing privilege escalation |
| CVE-2022-35957 | High | github.com/grafana/grafana: Grafana Escalation from admin to server admin when auth proxy is used |
| CVE-2022-31130 | Medium | github.com/grafana/grafana: Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination… |
