grafana vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the grafana package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Use of Uninitialized Variable	*
H Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
M Insufficient Compartmentalization	*
M Insufficiently Protected Credentials	*
M Inefficient Regular Expression Complexity	*
M Improperly Controlled Sequential Memory Allocation	*
H Uncontrolled Recursion	<0:9.2.10-17.el9_4
M Uncontrolled Recursion	*
M Improper Input Validation	*
M Information Exposure Through Log Files	*
M Improper Input Validation	*
M Misinterpretation of Input	*
M Authentication Bypass	*
M Loop with Unreachable Exit Condition ('Infinite Loop')	*
M Authorization Bypass Through User-Controlled Key	<0:9.2.10-16.el9_4
M Memory Leak	<0:9.2.10-16.el9_4
M Arbitrary Code Injection	*
M Improper Input Validation	*
M Misinterpretation of Input	*
M Improper Input Validation	*
M Information Exposure	*
C Directory Traversal	*
H Resource Exhaustion	*
M Information Exposure	*
M Resource Exhaustion	<0:9.0.9-4.el9_2
M Resource Exhaustion	<0:9.0.9-4.el9_2
M CVE-2023-39321	*
M Cross-site Scripting (XSS)	*
M Allocation of Resources Without Limits or Throttling	*
M Cross-site Scripting (XSS)	*
M Resource Exhaustion	*
M Resource Exhaustion	*
M Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
C Authentication Bypass by Primary Weakness	<0:9.0.9-3.el9_2
H Inefficient Regular Expression Complexity	*
M Missing Synchronization	*
M Improper Access Control	*
M Resource Exhaustion	*
M Information Exposure	*
M Loop with Unreachable Exit Condition ('Infinite Loop')	*
M Arbitrary Code Injection	*
M Resource Exhaustion	<0:9.2.10-7.el9_3
M Inefficient Regular Expression Complexity	*
M Inefficient Regular Expression Complexity	*
M Inefficient Regular Expression Complexity	*
M Cross-site Scripting (XSS)	*
M Resource Exhaustion	*
M Cross-site Scripting (XSS)	*
M Cross-site Scripting (XSS)	*
M Cross-site Scripting (XSS)	*
M Cross-site Scripting (XSS)	<0:9.2.10-7.el9_3
M External Control of Assumed-Immutable Web Parameter	<0:9.2.10-7.el9_3
M Allocation of Resources Without Limits or Throttling	<0:9.2.10-7.el9_3
M Authentication Bypass by Primary Weakness	*
M Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
M Incorrect Implementation of Authentication Algorithm	<0:9.2.10-7.el9_3
M Information Exposure	<0:9.2.10-7.el9_3
M Inefficient Regular Expression Complexity	*
M Improper Authentication	<0:9.0.9-2.el9
M CVE-2022-39201	<0:9.2.10-7.el9_3
M Insufficiently Protected Credentials	<0:9.2.10-7.el9_3
M Improper Verification of Cryptographic Signature	<0:9.2.10-7.el9_3
M CVE-2022-41715	<0:9.0.9-2.el9
M HTTP Request Smuggling	<0:9.0.9-2.el9
M Authentication Bypass	<0:9.0.9-2.el9
M Inefficient Regular Expression Complexity	*
M Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
M Resource Exhaustion	<0:9.0.9-2.el9
L Resource Exhaustion	*
H Information Exposure	<0:7.5.15-3.el9
H Improper Authentication	<0:7.5.11-5.el9_0
H Improperly Controlled Sequential Memory Allocation	<0:7.5.15-3.el9
H Improperly Controlled Sequential Memory Allocation	<0:7.5.15-3.el9
H Improperly Controlled Sequential Memory Allocation	<0:7.5.15-3.el9
H Improperly Controlled Sequential Memory Allocation	<0:7.5.15-3.el9
H Improperly Controlled Sequential Memory Allocation	<0:7.5.15-3.el9
H Improperly Controlled Sequential Memory Allocation	<0:7.5.15-3.el9
H Improperly Controlled Sequential Memory Allocation	<0:7.5.15-3.el9
H HTTP Request Smuggling	<0:7.5.15-3.el9
L Directory Traversal	*
M Open Redirect	*
L Insufficient Entropy	*
M Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
H Missing Release of Resource after Effective Lifetime	<0:7.5.15-3.el9
H Cross-site Scripting (XSS)	<0:7.5.15-3.el9
H Incorrect Authorization	<0:7.5.15-3.el9
H Cross-site Scripting (XSS)	<0:7.5.15-3.el9
H Cross-site Request Forgery (CSRF)	<0:7.5.15-3.el9
H Information Exposure	<0:7.5.15-3.el9