grafana vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the grafana package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Use of Uninitialized Variable	*
H Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
M Insufficient Compartmentalization	*
M Insufficiently Protected Credentials	*
M Missing Required Cryptographic Step	*
M Missing Required Cryptographic Step	*
M Missing Required Cryptographic Step	*
M Improper Input Validation	<0:9.2.10-18.el8_10
M Misinterpretation of Input	<0:9.2.10-17.el8_10
M Improper Input Validation	<0:9.2.10-17.el8_10
M Authentication Bypass	*
M Loop with Unreachable Exit Condition ('Infinite Loop')	*
H Authorization Bypass Through User-Controlled Key	<0:9.2.10-16.el8_10
H Memory Leak	<0:9.2.10-16.el8_10
M Misinterpretation of Input	*
M Improper Input Validation	*
M Arbitrary Code Injection	*
M Improper Input Validation	*
M Information Exposure	*
H Resource Exhaustion	*
M Information Exposure	*
M Allocation of Resources Without Limits or Throttling	*
M Resource Exhaustion	<0:7.5.15-5.el8_8
M Resource Exhaustion	<0:7.5.15-5.el8_8
M CVE-2023-39321	*
M Cross-site Scripting (XSS)	*
M Allocation of Resources Without Limits or Throttling	*
M Cross-site Scripting (XSS)	*
M Resource Exhaustion	*
M Resource Exhaustion	*
M Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
M Authentication Bypass by Primary Weakness	<0:9.2.10-7.el8_9
H Inefficient Regular Expression Complexity	*
M Resource Exhaustion	*
M Information Exposure	*
M Loop with Unreachable Exit Condition ('Infinite Loop')	*
M Arbitrary Code Injection	*
M Resource Exhaustion	*
M Inefficient Regular Expression Complexity	*
M Inefficient Regular Expression Complexity	*
M Inefficient Regular Expression Complexity	*
M Resource Exhaustion	*
M Cross-site Scripting (XSS)	*
M Cross-site Scripting (XSS)	*
M External Control of Assumed-Immutable Web Parameter	*
M Allocation of Resources Without Limits or Throttling	*
M Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
M Incorrect Implementation of Authentication Algorithm	*
M Information Exposure	*
M Inefficient Regular Expression Complexity	*
M Improper Authentication	<0:7.5.15-4.el8
M CVE-2022-39201	*
M Insufficiently Protected Credentials	*
M Improper Verification of Cryptographic Signature	*
M CVE-2022-41715	<0:7.5.15-4.el8
M HTTP Request Smuggling	<0:7.5.15-4.el8
M Authentication Bypass	*
M Inefficient Regular Expression Complexity	*
M Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
M Resource Exhaustion	<0:7.5.15-4.el8
M Inefficient Regular Expression Complexity	*
L Resource Exhaustion	*
M Information Exposure	<0:7.5.15-3.el8
H Improper Authentication	<0:7.5.11-3.el8_6
M Improperly Controlled Sequential Memory Allocation	<0:7.5.15-3.el8
M Improperly Controlled Sequential Memory Allocation	<0:7.5.15-3.el8
M Improperly Controlled Sequential Memory Allocation	<0:7.5.15-3.el8
M Improperly Controlled Sequential Memory Allocation	<0:7.5.15-3.el8
M Improperly Controlled Sequential Memory Allocation	<0:7.5.15-3.el8
M Improperly Controlled Sequential Memory Allocation	<0:7.5.15-3.el8
M Improperly Controlled Sequential Memory Allocation	<0:7.5.15-3.el8
M HTTP Request Smuggling	<0:7.5.15-3.el8
L Directory Traversal	*
M Open Redirect	*
L Insufficient Entropy	*
M Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
M Missing Release of Resource after Effective Lifetime	<0:7.5.15-3.el8
M Cross-site Scripting (XSS)	<0:7.5.15-3.el8
M Incorrect Authorization	<0:7.5.15-3.el8
M Cross-site Scripting (XSS)	<0:7.5.15-3.el8
M Cross-site Request Forgery (CSRF)	<0:7.5.15-3.el8
M Information Exposure	<0:7.5.15-3.el8
L Directory Traversal	<0:7.5.11-2.el8
H Resource Exhaustion	<0:7.5.9-5.el8_5
H Authorization Bypass Through User-Controlled Key	<0:7.3.6-3.el8_4
M Improper Input Validation	<0:7.5.9-4.el8
M Improper Input Validation	<0:7.5.9-4.el8
M Misinterpretation of Input	<0:7.3.6-2.el8
M Cross-site Scripting (XSS)	<0:7.3.6-2.el8
M Arbitrary Argument Injection	<0:6.7.4-3.el8
M Cross-site Scripting (XSS)	<0:6.7.4-3.el8
M Cross-site Scripting (XSS)	<0:6.7.4-3.el8
M Incorrect Permission Assignment for Critical Resource	<0:6.7.4-3.el8
M Cross-site Scripting (XSS)	<0:6.7.4-3.el8
M Cross-site Scripting (XSS)	<0:6.7.4-3.el8
M Incorrect Permission Assignment for Critical Resource	<0:6.7.4-3.el8
M Cross-site Scripting (XSS)	<0:6.7.4-3.el8
H Server-Side Request Forgery (SSRF)	<0:6.3.6-2.el8_2
M Improper Access Control	<0:6.3.6-1.el8
M Incorrect Calculation	<0:7.5.9-4.el8
M Improper Certificate Validation	*
M Improper Input Validation	<0:7.5.9-4.el8
M Missing Authorization	<0:7.5.9-4.el8