Package impact

Go / github.com/grafana/grafana

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2021-43798	high	—	9.5	2y ago	Grafana contains a path traversal vulnerability that could allow access to local files.
CVE-2023-3128	critical	—	9.5	3y ago	Critical: grafana security update
CVE-2021-39226	high	—	9.5	5y ago	Grafana contains an authentication bypass vulnerability that allows authenticated and unauthenticated users to view and delete all snapshot data, potentially resulting in complete snapshot data loss.
CVE-2021-43815	high	—	8.0	2y ago	Grafana directory traversal for .cvs files
CVE-2022-21702	high	—	8.0	4y ago	Important: grafana security, bug fix, and enhancement update
CVE-2022-21713	high	—	8.0	4y ago	Important: grafana security, bug fix, and enhancement update
CVE-2022-31107	high	—	8.0	4y ago	Important: grafana security update
CVE-2026-27877	high	7.5	7.5	1mo ago	Important: grafana security update
CVE-2025-4123	medium	6.1	6.1	1y ago	Important: grafana security update
CVE-2025-41117	medium	—	5.5	4mo ago	Grafana has a Cross-site Scripting issue
CVE-2025-3454	medium	—	5.5	1y ago	Grafana's datasource proxy API allows authorization checks to be bypassed in github.com/grafana/grafana
CVE-2021-41244	medium	—	5.5	2y ago	Grafana Fine-grained access control vulnerability
CVE-2024-1313	medium	—	5.5	2y ago	Moderate: grafana security update
CVE-2019-19499	medium	—	5.5	2y ago	Moderate: grafana security, bug fix, and enhancement update
CVE-2022-31130	medium	—	5.5	3y ago	Moderate: grafana security and enhancement update
CVE-2022-39307	medium	—	5.5	3y ago	Moderate: grafana security and enhancement update
CVE-2022-31123	medium	—	5.5	3y ago	Moderate: grafana security and enhancement update
CVE-2022-39324	medium	—	5.5	3y ago	Moderate: grafana security and enhancement update
CVE-2022-39306	medium	—	5.5	3y ago	Moderate: grafana security and enhancement update
CVE-2022-39201	medium	—	5.5	3y ago	Moderate: grafana security and enhancement update
CVE-2022-39229	medium	—	5.5	3y ago	Moderate: grafana security and enhancement update
CVE-2022-35957	medium	—	5.5	3y ago	Moderate: grafana security and enhancement update
CVE-2020-24303	medium	—	5.5	4y ago	Moderate: grafana security, bug fix, and enhancement update
CVE-2020-11110	medium	—	5.5	4y ago	Moderate: grafana security, bug fix, and enhancement update
CVE-2018-18624	medium	—	5.5	4y ago	Moderate: grafana security, bug fix, and enhancement update
CVE-2020-13430	medium	—	5.5	4y ago	Moderate: grafana security, bug fix, and enhancement update
CVE-2020-12458	medium	—	5.5	4y ago	Moderate: grafana security, bug fix, and enhancement update
CVE-2020-12459	medium	—	5.5	4y ago	Moderate: grafana security, bug fix, and enhancement update
CVE-2020-12245	medium	—	5.5	4y ago	Moderate: grafana security, bug fix, and enhancement update
CVE-2021-27358	medium	—	5.5	4y ago	Moderate: grafana security, bug fix, and enhancement update
CVE-2026-21724	unknown	—	—	2mo ago	Grafana OSS: Authorization bypass allows users with Editor role to modify protected webhook URLs without permissions
CVE-2025-41115	unknown	—	—	6mo ago	Grafana Incorrect Privilege Assignment vulnerability in github.com/grafana/grafana
CVE-2025-6023	unknown	—	—	10mo ago	Grafana is vulnerable to XSS attacks through open redirects and path traversal in github.com/grafana/grafana
CVE-2025-3415	unknown	—	—	11mo ago	Grafana's insecure DingDing Alert integration exposes sensitive information in github.com/grafana/grafana
CVE-2025-1088	unknown	—	—	11mo ago	Grafana long dashboard title or panel name causes unresponsives in github.com/grafana/grafana
CVE-2025-3260	unknown	—	—	1y ago	Grafana vulnerable to authenticated users bypassing dashboard, folder permissions in github.com/grafana/grafana
CVE-2024-11741	unknown	—	—	1y ago	Grafana Alerting VictorOps integration could be exposed to users with Viewer permission in github.com/grafana/grafana
CVE-2024-10452	unknown	—	—	2y ago	Grafana org admin can delete pending invites in different org in github.com/grafana/grafana
CVE-2024-9264	unknown	—	—	2y ago	Grafana Command Injection And Local File Inclusion Via Sql Expressions in github.com/grafana/grafana
CVE-2024-6322	unknown	—	—	2y ago	Grafana plugin data sources vulnerable to access control bypass in github.com/grafana/grafana
CVE-2022-36062	unknown	—	—	2y ago	Grafana folders admin only permission privilege escalation in github.com/grafana/grafana
CVE-2022-39328	unknown	—	—	2y ago	Grafana Race condition allowing privilege escalation in github.com/grafana/grafana
CVE-2022-31097	unknown	—	—	2y ago	Grafana Stored Cross-site Scripting in Unified Alerting in github.com/grafana/grafana
CVE-2024-1442	unknown	—	—	2y ago	Grafana's users with permissions to create a data source can CRUD all data sources in github.com/grafana/grafana
CVE-2023-6152	unknown	—	—	2y ago	Email Validation Bypass And Preventing Sign Up From Email's Owner
CVE-2018-12099	unknown	—	—	2y ago	Grafana Cross-site Scripting (XSS) in github.com/grafana/grafana
CVE-2018-18625	unknown	—	—	2y ago	Grafana XSS via adding a link in General feature in github.com/grafana/grafana
CVE-2018-18623	unknown	—	—	2y ago	Grafana XSS in Dashboard Text Panel in github.com/grafana/grafana
CVE-2023-4822	unknown	—	—	3y ago	Grafana privilege escalation vulnerability
CVE-2023-2183	unknown	—	—	3y ago	Grafana has Broken Access Control in Alert manager: Viewer can send test alerts
CVE-2023-2801	unknown	—	—	3y ago	Grafana Missing Synchronization vulnerability
CVE-2023-1410	unknown	—	—	3y ago	Grafana Stored Cross-site Scripting in Graphite FunctionDescription tooltip
CVE-2023-22462	unknown	—	—	3y ago	Grafana vulnerable to Stored Cross-site Scripting in Text plugin
CVE-2023-0507	unknown	—	—	3y ago	Grafana vulnerable to Cross-site Scripting
CVE-2023-0594	unknown	—	—	3y ago	Grafana vulnerable to Cross-site Scripting
CVE-2019-13068	unknown	—	—	4y ago	Grafana Cross-site Scripting vulnerability
CVE-2018-1000816	unknown	—	—	4y ago	Grafana XSS Vulnerability
CVE-2018-15727	unknown	—	—	4y ago	Grafana Authentication Bypass in github.com/grafana/grafana
CVE-2020-13379	unknown	—	—	4y ago	Server Side Request Forgery in Grafana