Known vulnerabilities in Grafana Labs Grafana

Vendor: Grafana Labs

Website: https://github.com/grafana

Total Security Bulletins: 63

Security bulletins (63)

Secuity bulletin	Severity	Status	Published
SB2026020361: Improper access control in Grafana	Low	Patched	03.02.2026
SB2026013061: Multiple vulnerabilities in Grafana	Medium	Patched Public exploit	30.01.2026
SB2025080425: Authorization bypass through user-controlled key in Grafana	Low	Patched	04.08.2025
SB2025072114: Multiple vulnerabilities in Grafana	Medium	Patched	21.07.2025
SB2025072113: Information disclosure in Grafana	Medium	Patched	21.07.2025
SB2025061829: Browser denial of service in Grafana	Low	Patched	18.06.2025
SB2025060322: Improper Authorization in Grafana	Medium	Patched	03.06.2025
SB2025060314: Improper Authorization in Grafana	Medium	Patched	03.06.2025
SB2025052748: Improper access control in Grafana	Low	Patched	27.05.2025
SB2025052230: Cross-site scripting in Grafana	Low	Patched Public exploit	22.05.2025
SB2025020329: Information disclosure in Grafana	Medium	Patched	03.02.2025
SB20241022375: Improper access control in Grafana	Low	Patched	22.10.2024
SB2024101803: Remote code execution in Grafana SQL Expressions	Medium	Patched Public exploit	18.10.2024
SB2024081534: Reflected XSS in Grafana	Medium	Patched	15.08.2024
SB2024050715: Email verification bypass in Grafana	Low	Patched	07.05.2024
SB2024032711: Improper Authorization in Grafana	Medium	Patched	27.03.2024
SB2024031121: Improper access control in Grafana	Medium	Patched	11.03.2024
SB2023101664: Security restrictions bypass in Grafana	Low	Patched	16.10.2023
SB20230720110: Missing authorization in Grafana	Low	Patched	20.07.2023
SB2023062281: Authentication bypass in Grafana Azure AD OAuth	High	Patched	22.06.2023
SB2023062244: Denial of service in Grafana	Medium	Patched	22.06.2023
SB2023062227: JWT token disclosure in Grafana	Medium	Patched	22.06.2023
SB2023041950: Stored XSS in Grafana	Low	Patched	19.04.2023
SB2023041949: Multiple vulnerabilities in Grafana	Low	Patched	19.04.2023
SB2023030114: Stored XSS in Grafana Text plugin	Low	Patched	01.03.2023
SB2023021201: Multiple vulnerabilities in Grafana	Medium	Patched	12.02.2023
SB2023020152: Information disclosure in Grafana	Medium	Patched	01.02.2023
SB2023012632: Stored XSS in Grafana	Low	Not patched	26.01.2023
SB2023012631: Spoofing attack in Grafana	Low	Not patched	26.01.2023
SB2023012630: Privilege escalation in Grafana SAML integration	High	Patched	26.01.2023
SB2022112220: Multiple vulnerabilities in Grafana	High	Patched	22.11.2022
SB2022110140: Grafana update for Go Text	Medium	Patched	01.11.2022
SB2022101338: Grafana update for Go	Medium	Patched	13.10.2022
SB2022092614: Privilege escalation in Grafana	Medium	Patched	26.09.2022
SB2022071510: Multiple vulnerabilities in Grafana	High	Patched	15.07.2022
SB2022061623: Information disclosure in Grafana	Low	Patched	16.06.2022
SB2022061622: Path traversal in Grafana	Medium	Patched Public exploit	16.06.2022
SB2022061621: Multiple vulnerabilities in Grafana	Medium	Patched	16.06.2022
SB2022061620: Information disclosure in Grafana	Low	Patched	16.06.2022

Showing elements 1 - 40 out of 63