Homepage

grafana vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the grafana package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • M
Arbitrary Code Injection

*
  • L
Information Exposure

*
  • H
Improper Validation of Syntactic Correctness of Input

*
  • L
Authorization Bypass Through User-Controlled Key

*
  • M
Authentication Bypass

*
  • M
Authentication Bypass

*
  • M
Authorization Bypass Through User-Controlled Key

*
  • M
Improper Privilege Management

*
  • M
Inefficient Regular Expression Complexity

*
  • H
Resource Exhaustion

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Missing Synchronization

*
  • M
Missing Synchronization

*
  • M
Improper Access Control

*
  • M
Improper Access Control

*
  • M
Information Exposure

*
  • M
Information Exposure

*
  • M
Inefficient Regular Expression Complexity

*
  • M
Inefficient Regular Expression Complexity

*
  • M
Inefficient Regular Expression Complexity

*
  • M
Inefficient Regular Expression Complexity

*
  • M
Inefficient Regular Expression Complexity

*
  • M
Inefficient Regular Expression Complexity

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

<0:5.2.4-2.el7cp
  • M
Information Exposure

*
  • M
Information Exposure

*
  • M
Information Exposure

*
  • M
Information Exposure

<0:4.3.2-4.el7cp
  • M
Information Exposure

<0:5.2.4-2.el7cp
  • M
Improper Authentication

*
  • M
Improper Authentication

*
  • M
Improper Authentication

<0:4.6.4-1.el7rhgs
  • M
Improper Authentication

<0:5.2.4-1.el7cp
  • M
Improper Authentication

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • L
Open Redirect

*
  • L
Open Redirect

*
  • M
Open Redirect

*
  • M
Resource Exhaustion

*
  • M
Resource Exhaustion

*
  • M
Resource Exhaustion

*
  • M
Resource Exhaustion

*
  • M
Resource Exhaustion

*
  • L
Resource Exhaustion

*
  • L
Resource Exhaustion

*
  • L
Resource Exhaustion

*
  • M
Cross-site Scripting (XSS)

*
  • L
Resource Exhaustion

*
  • H
Improper Input Validation

<0:5.2.4-3.el7cp
  • H
Directory Traversal

<0:5.2.4-6.el7rhgs
  • H
HTTP Request Smuggling

<0:5.2.4-6.el7rhgs
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
External Control of Assumed-Immutable Web Parameter

*
  • M
External Control of Assumed-Immutable Web Parameter

*
  • M
Inefficient Regular Expression Complexity

*
  • M
Inefficient Regular Expression Complexity

*
  • M
Incorrect Implementation of Authentication Algorithm

*
  • M
Incorrect Implementation of Authentication Algorithm

*
  • M
Information Exposure

*
  • M
Information Exposure

*
  • M
Improper Authentication

*
  • M
Improper Authentication

*
  • M
CVE-2022-39201

*
  • M
CVE-2022-39201

*
  • M
Insufficiently Protected Credentials

*
  • M
Insufficiently Protected Credentials

*
  • M
Improper Verification of Cryptographic Signature

*
  • M
Improper Verification of Cryptographic Signature

*
  • M
Authentication Bypass

*
  • M
Authentication Bypass

*
  • H
Cross-site Scripting (XSS)

*
  • H
Cross-site Scripting (XSS)

*
  • H
Improper Authentication

*
  • H
Improper Authentication

*
  • M
Resource Exhaustion

*
  • H
Resource Exhaustion

<0:5.2.4-6.el7rhgs
  • L
Directory Traversal

*
  • L
Directory Traversal

*
  • H
Incorrect Behavior Order: Early Validation

<0:5.2.4-6.el7rhgs
  • H
Resource Exhaustion

<0:5.2.4-6.el7rhgs
  • M
Integer Overflow or Wraparound

*
  • M
Buffer Overflow

*
  • M
Buffer Overflow

*
  • M
Buffer Overflow

*
  • M
Directory Traversal

*
  • M
Directory Traversal

*
  • M
Cleartext Storage of Sensitive Information

*
  • M
Cleartext Storage of Sensitive Information

*
  • M
Resource Exhaustion

*
  • M
Resource Exhaustion

*
  • M
Resource Exhaustion

*
  • M
Incorrect Authorization

*
  • M
Incorrect Authorization

*
  • M
Integer Overflow or Wraparound

*
  • M
Integer Overflow or Wraparound

*
  • M
Incorrect Authorization

*
  • M
Incorrect Authorization

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Request Forgery (CSRF)

*
  • M
Cross-site Request Forgery (CSRF)

*
  • M
Information Exposure

*
  • M
Information Exposure

*
  • M
Open Redirect

*
  • M
Open Redirect

*
  • L
Directory Traversal

*
  • L
Directory Traversal

*
  • L
Directory Traversal

*
  • L
Directory Traversal

*
  • L
Directory Traversal

*
  • M
Information Exposure

*
  • M
Information Exposure

*
  • M
Information Exposure

*
  • H
Resource Exhaustion

*
  • H
Resource Exhaustion

<0:5.2.4-5.el7rhgs
  • M
Improper Input Validation

*
  • M
Improper Input Validation

*
  • M
Incorrect Authorization

*
  • M
Incorrect Authorization

*
  • M
Out-of-Bounds

*
  • M
Out-of-Bounds

*
  • M
Improper Input Validation

*
  • M
Improper Input Validation

*
  • M
Improper Input Validation

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • H
Improper Authentication

*
  • M
Improper Input Validation

*
  • M
Improper Input Validation

*
  • M
Improper Input Validation

*
  • M
Improper Input Validation

*
  • M
Improper Input Validation

*
  • H
Insufficiently Protected Credentials

<0:5.2.4-3.el7cp
  • H
Improper Input Validation

<0:5.2.4-3.el7cp
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

<0:5.2.4-1.el7cp
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Resource Exhaustion

*
  • M
Improper Input Validation

*
  • M
Improper Input Validation

*
  • H
Authorization Bypass Through User-Controlled Key

*
  • H
Authorization Bypass Through User-Controlled Key

*
  • M
Authorization Bypass Through User-Controlled Key

*
  • M
Resource Exhaustion

*
  • M
Resource Exhaustion

*
  • M
Resource Exhaustion

*
  • M
Race Condition

*
  • M
Race Condition

*
  • M
Race Condition

*
  • M
Improper Input Validation

*
  • M
Improper Input Validation

*
  • M
Improper Input Validation

*
  • M
Resource Exhaustion

*
  • M
Resource Exhaustion

*
  • M
Resource Exhaustion

*
  • M
Improper Input Validation

*
  • M
Improper Input Validation

*
  • M
Improper Input Validation

*
  • M
Improper Input Validation

*
  • M
Improper Input Validation

*
  • M
Improper Input Validation

*
  • M
Cross-site Scripting (XSS)

*
  • L
Cross-site Scripting (XSS)

*
  • L
Cross-site Scripting (XSS)

*
  • L
Arbitrary Argument Injection

*
  • L
Arbitrary Argument Injection

*
  • M
Arbitrary Argument Injection

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Incorrect Permission Assignment for Critical Resource

*
  • M
Incorrect Permission Assignment for Critical Resource

*
  • M
Incorrect Permission Assignment for Critical Resource

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Incorrect Permission Assignment for Critical Resource

*
  • L
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • L
Cross-site Scripting (XSS)

*
  • M
Loop with Unreachable Exit Condition ('Infinite Loop')

*
  • H
Server-Side Request Forgery (SSRF)

<0:5.2.4-3.el7cp
  • H
Server-Side Request Forgery (SSRF)

*
  • H
Server-Side Request Forgery (SSRF)

<0:5.2.4-3.el7rhgs
  • M
Improper Access Control

*
  • M
Improper Access Control

*
  • M
Improper Access Control

*
  • M
Arbitrary Code Injection

*
  • M
Arbitrary Code Injection

*
  • M
Incorrect Calculation

*
  • M
Incorrect Calculation

*
  • M
Incorrect Calculation

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Improper Input Validation

*
  • M
Improper Input Validation

*
  • M
Improper Certificate Validation

*
  • L
Race Condition

*
  • L
Race Condition

*
  • L
Loop with Unreachable Exit Condition ('Infinite Loop')

*
  • L
Loop with Unreachable Exit Condition ('Infinite Loop')

*
  • L
Loop with Unreachable Exit Condition ('Infinite Loop')

*
  • M
Resource Exhaustion

*
  • M
Resource Exhaustion

*
  • M
Resource Exhaustion

*
  • M
Improper Input Validation

*
  • M
Improper Input Validation

*
  • M
Improper Input Validation

*
  • M
Resource Exhaustion

*
  • M
Resource Exhaustion

*
  • M
Resource Exhaustion

*
  • M
Loop with Unreachable Exit Condition ('Infinite Loop')

*
  • M
Loop with Unreachable Exit Condition ('Infinite Loop')

*
  • M
Improper Input Validation

*
  • M
Improper Input Validation

*
  • M
Improper Input Validation

*
  • M
Loop with Unreachable Exit Condition ('Infinite Loop')

*
  • M
Loop with Unreachable Exit Condition ('Infinite Loop')

*
  • L
Loop with Unreachable Exit Condition ('Infinite Loop')

*
  • L
Missing Authorization

*
  • M
Missing Authorization

*
  • L
Missing Authorization

*
  • M
Resource Exhaustion

*
  • M
Resource Exhaustion

*
  • L
Arbitrary Code Injection

*
  • L
Arbitrary Code Injection

*
  • L
Improper Validation of Array Index

*
  • L
Improper Validation of Array Index

*