Vulnerabilities in grafana
102 results

CVE-2024-1442 | MEDIUM | User with permissions to create a data source can CRUD all data sources | EPSS 0.8%
CVE-2022-23552 | HIGH | Grafana stored XSS in FileUploader component | EPSS 0.8%
CVE-2023-5123 | HIGH | Improper Path Sanitization in JSON Datasource Plugin | EPSS 0.8%
CVE-2023-2801 | HIGH | Grafana is an open-source platform for monitoring and observability. Using public dashboards users can query multiple distinct data source | EPSS 0.7%
CVE-2022-39306 | MEDIUM | Grafana contains Improper Input Validation | EPSS 0.7%
CVE-2021-41090 | MEDIUM | Instance config inline secret exposure | EPSS 0.7%
CVE-2022-39307 | MEDIUM | Grafana subject to Exposure of Sensitive Information resulting in User enumeration via forget password | EPSS 0.7%
CVE-2024-1313 | MEDIUM | Users outside an organization can delete a snapshot with its key | EPSS 0.6%
CVE-2022-36062 | HIGH | Grafana folders admin only permission privilege escalation | EPSS 0.6%
CVE-2024-8118 | MEDIUM | Grafana alerting wrong permission on datasource rule write endpoint | EPSS 0.6%
CVE-2025-11539 | CRITICAL | Arbitrary Code Execution in Grafana Image Renderer Plugin | EPSS 0.6%
CVE-2026-27880 | HIGH | OpenFeature evaluation API reads input data with no bounds | EPSS 0.6%
CVE-2023-5122 | MEDIUM | SSRF in CSV Datasource Plugin | EPSS 0.5%
CVE-2024-10452 | LOW | Organization admins can delete pending invites created in an organization they are not part of. | EPSS 0.5%
CVE-2025-3260 | HIGH | A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated users to bypass dashboard and folder permission | EPSS 0.5%
CVE-2026-21720 | HIGH | Unauthenticated DoS: avatar cache leaks goroutines when /avatar/:hash requests time out | EPSS 0.5%
CVE-2022-46156 | HIGH | Grafana's default installation of `synthetic-monitoring-agent` exposes sensitive information | EPSS 0.5%
CVE-2023-3010 | HIGH | Grafana is an open-source platform for monitoring and observability. The WorldMap panel plugin, versions before 1.0.4 contains a DOM XSS v | EPSS 0.4%
CVE-2026-33375 | MEDIUM | Grafana MSSQL Data Source Plugin: Restriction Bypass Leading to OOM DoS | EPSS 0.4%
CVE-2026-42127 | HIGH | Grafana pre-auth DoS through arbitrarily large input to public dashboard query handler | EPSS 0.4%