Package impact
Go / github.com/prometheus/prometheus
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42154 | high | 7.5 | 7.5 | 26d ago | Prometheus: Remote read endpoint allows denial of service via crafted snappy payload | |||
| CVE-2026-42151 | high | 7.5 | 7.5 | 26d ago | Prometheus Azure AD remote write OAuth client secret exposed via config API | |||
| CVE-2026-44903 | medium | — | 5.5 | 4d ago | Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI (enabled via the command-line flag --enable-f… | |||
| CVE-2021-29622 | medium | — | 5.5 | 4y ago | Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URL's prefixed by /new redire… |