grafana vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the grafana package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • H
Allocation of Resources Without Limits or Throttling

*
  • M
CRLF Injection

*
  • L
Improper Handling of Exceptional Conditions

*
  • L
Authorization Bypass Through User-Controlled Key

*
  • H
Use of Uninitialized Variable

<0:9.2.10-19.el9_4
  • H
Cross-site Scripting (XSS)

<0:9.2.10-19.el9_4
  • H
Cross-site Scripting (XSS)

<0:10.2.6-7.el9_5
  • M
Use of Uninitialized Variable

*
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

*
  • H
Use of Uninitialized Variable

<0:9.2.10-19.el9_4
  • M
Insufficient Compartmentalization

*
  • H
Uncontrolled Recursion

<0:9.0.9-5.el9_2
  • H
Uncontrolled Recursion

<0:9.0.9-5.el9_2
  • H
Uncontrolled Recursion

<0:9.0.9-5.el9_2
  • H
Uncontrolled Recursion

<0:7.5.11-7.el9_0
  • H
Uncontrolled Recursion

<0:9.2.10-17.el9_4
  • M
Insufficiently Protected Credentials

*
  • M
Inefficient Regular Expression Complexity

*
  • M
Improperly Controlled Sequential Memory Allocation

*
  • H
Uncontrolled Recursion

<0:10.2.6-7.el9_5
  • M
Uncontrolled Recursion

*
  • M
Authorization Bypass Through User-Controlled Key

<0:9.2.10-16.el9_4
  • M
Memory Leak

<0:9.2.10-16.el9_4
  • M
Resource Exhaustion

<0:9.2.10-7.el9_3
  • M
Allocation of Resources Without Limits or Throttling

<0:9.2.10-7.el9_3
  • M
External Control of Assumed-Immutable Web Parameter

<0:9.2.10-7.el9_3
  • M
Information Exposure

<0:9.2.10-7.el9_3
  • M
Incorrect Implementation of Authentication Algorithm

<0:9.2.10-7.el9_3
  • M
CVE-2022-39201

<0:9.2.10-7.el9_3
  • M
Insufficiently Protected Credentials

<0:9.2.10-7.el9_3
  • M
Improper Verification of Cryptographic Signature

<0:9.2.10-7.el9_3
  • M
Cross-site Scripting (XSS)

<0:9.2.10-7.el9_3
  • C
Authentication Bypass by Primary Weakness

<0:9.0.9-3.el9_2
  • M
CVE-2022-41715

<0:9.0.9-2.el9
  • M
Improper Authentication

<0:9.0.9-2.el9
  • M
Authentication Bypass

<0:9.0.9-2.el9
  • M
HTTP Request Smuggling

<0:9.0.9-2.el9
  • M
Resource Exhaustion

<0:9.0.9-2.el9
  • H
Information Exposure

<0:7.5.15-3.el9
  • H
Improperly Controlled Sequential Memory Allocation

<0:7.5.15-3.el9
  • H
Improperly Controlled Sequential Memory Allocation

<0:7.5.15-3.el9
  • H
Improperly Controlled Sequential Memory Allocation

<0:7.5.15-3.el9
  • H
Improperly Controlled Sequential Memory Allocation

<0:7.5.15-3.el9
  • H
Improperly Controlled Sequential Memory Allocation

<0:7.5.15-3.el9
  • H
Improperly Controlled Sequential Memory Allocation

<0:7.5.15-3.el9
  • H
Incorrect Authorization

<0:7.5.15-3.el9
  • H
Cross-site Request Forgery (CSRF)

<0:7.5.15-3.el9
  • H
Cross-site Scripting (XSS)

<0:7.5.15-3.el9
  • H
Missing Release of Resource after Effective Lifetime

<0:7.5.15-3.el9
  • H
Information Exposure

<0:7.5.15-3.el9
  • H
Improperly Controlled Sequential Memory Allocation

<0:7.5.15-3.el9
  • H
HTTP Request Smuggling

<0:7.5.15-3.el9
  • H
Cross-site Scripting (XSS)

<0:7.5.15-3.el9
  • H
Improper Authentication

<0:7.5.11-5.el9_0
  • M
Resource Exhaustion

<0:9.0.9-4.el9_2
  • M
Resource Exhaustion

<0:9.0.9-4.el9_2
  • M
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

*
  • M
Improper Input Validation

<0:10.2.6-4.el9
  • M
Information Exposure Through Log Files

<0:10.2.6-4.el9
  • M
Improper Input Validation

<0:10.2.6-4.el9
  • M
Misinterpretation of Input

<0:10.2.6-4.el9
  • M
Authentication Bypass

*
  • M
Loop with Unreachable Exit Condition ('Infinite Loop')

<0:10.2.6-4.el9
  • H
Resource Exhaustion

*
  • H
Resource Exhaustion

*
  • H
Resource Exhaustion

*
  • H
Resource Exhaustion

*
  • M
Authorization Bypass Through User-Controlled Key

<0:9.2.10-16.el9_4
  • M
Memory Leak

<0:9.2.10-16.el9_4
  • M
Arbitrary Code Injection

*
  • M
Improper Input Validation

*
  • M
Misinterpretation of Input

*
  • M
Improper Input Validation

*
  • M
Information Exposure

*
  • C
Directory Traversal

*
  • H
Resource Exhaustion

*
  • M
Information Exposure

*
  • M
Resource Exhaustion

<0:9.0.9-4.el9_2
  • M
Resource Exhaustion

<0:9.0.9-4.el9_2
  • M
Resource Exhaustion

<0:7.5.11-6.el9_0
  • M
Resource Exhaustion

<0:9.0.9-4.el9_2
  • M
Resource Exhaustion

<0:9.0.9-4.el9_2
  • M
Resource Exhaustion

<0:7.5.11-6.el9_0
  • M
Resource Exhaustion

<0:9.0.9-4.el9_2
  • M
Resource Exhaustion

<0:7.5.11-6.el9_0
  • M
Resource Exhaustion

<0:9.0.9-4.el9_2
  • M
Resource Exhaustion

<0:7.5.11-6.el9_0
  • M
Resource Exhaustion

<0:9.0.9-4.el9_2
  • M
Resource Exhaustion

<0:9.0.9-4.el9_2
  • M
CVE-2023-39321

*
  • M
Cross-site Scripting (XSS)

*
  • M
Allocation of Resources Without Limits or Throttling

*
  • M
Cross-site Scripting (XSS)

*
  • M
Resource Exhaustion

*
  • M
Resource Exhaustion

*
  • M
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

*
  • C
Authentication Bypass by Primary Weakness

<0:9.0.9-3.el9_2
  • C
Authentication Bypass by Primary Weakness

<0:9.0.9-3.el9_2
  • C
Authentication Bypass by Primary Weakness

<0:9.0.9-3.el9_2
  • C
Authentication Bypass by Primary Weakness

<0:9.0.9-3.el9_2
  • H
Inefficient Regular Expression Complexity

*
  • M
Missing Synchronization

*
  • M
Improper Access Control

*
  • M
Resource Exhaustion

*
  • M
Information Exposure

*
  • M
Loop with Unreachable Exit Condition ('Infinite Loop')

*
  • M
Arbitrary Code Injection

*
  • M
Resource Exhaustion

<0:9.2.10-7.el9_3
  • M
Inefficient Regular Expression Complexity

*
  • M
Inefficient Regular Expression Complexity

*
  • M
Inefficient Regular Expression Complexity

*
  • M
Cross-site Scripting (XSS)

*
  • M
Resource Exhaustion

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

<0:9.2.10-7.el9_3
  • M
External Control of Assumed-Immutable Web Parameter

<0:9.2.10-7.el9_3
  • M
Allocation of Resources Without Limits or Throttling

<0:9.2.10-7.el9_3
  • M
Authentication Bypass by Primary Weakness

*
  • M
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

*
  • M
Incorrect Implementation of Authentication Algorithm

<0:9.2.10-7.el9_3
  • M
Information Exposure

<0:9.2.10-7.el9_3
  • M
Inefficient Regular Expression Complexity

*
  • M
Improper Authentication

<0:9.0.9-2.el9
  • M
Improper Authentication

<0:9.0.9-2.el9
  • M
Improper Authentication

<0:9.0.9-2.el9
  • M
Improper Authentication

<0:9.0.9-2.el9
  • M
CVE-2022-39201

<0:9.2.10-7.el9_3
  • M
Insufficiently Protected Credentials

<0:9.2.10-7.el9_3
  • M
Improper Verification of Cryptographic Signature

<0:9.2.10-7.el9_3
  • M
CVE-2022-41715

<0:9.0.9-2.el9
  • M
CVE-2022-41715

<0:9.0.9-2.el9
  • M
CVE-2022-41715

<0:9.0.9-2.el9
  • M
CVE-2022-41715

<0:9.0.9-2.el9
  • M
HTTP Request Smuggling

<0:9.0.9-2.el9
  • M
HTTP Request Smuggling

<0:9.0.9-2.el9
  • M
HTTP Request Smuggling

<0:9.0.9-2.el9
  • M
HTTP Request Smuggling

<0:9.0.9-2.el9
  • M
Authentication Bypass

<0:9.0.9-2.el9
  • M
Authentication Bypass

<0:9.0.9-2.el9
  • M
Authentication Bypass

<0:9.0.9-2.el9
  • M
Authentication Bypass

<0:9.0.9-2.el9
  • M
Inefficient Regular Expression Complexity

*
  • M
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

*
  • M
Resource Exhaustion

<0:9.0.9-2.el9
  • M
Resource Exhaustion

<0:9.0.9-2.el9
  • M
Resource Exhaustion

<0:9.0.9-2.el9
  • M
Resource Exhaustion

<0:9.0.9-2.el9
  • L
Resource Exhaustion

*
  • H
Information Exposure

<0:7.5.15-3.el9
  • H
Information Exposure

<0:7.5.15-3.el9
  • H
Information Exposure

<0:7.5.15-3.el9
  • H
Information Exposure

<0:7.5.15-3.el9
  • H
Improper Authentication

<0:7.5.11-5.el9_0
  • H
Improper Authentication

<0:7.5.11-5.el9_0
  • H
Improper Authentication

<0:7.5.11-5.el9_0
  • H
Improper Authentication

<0:7.5.11-5.el9_0
  • H
Improper Authentication

<0:7.5.11-5.el9_0
  • H
Improper Authentication

<0:7.5.11-5.el9_0
  • H
Improperly Controlled Sequential Memory Allocation

<0:7.5.15-3.el9
  • H
Improperly Controlled Sequential Memory Allocation

<0:7.5.15-3.el9
  • H
Improperly Controlled Sequential Memory Allocation

<0:7.5.15-3.el9
  • H
Improperly Controlled Sequential Memory Allocation

<0:7.5.15-3.el9
  • H
Improperly Controlled Sequential Memory Allocation

<0:7.5.15-3.el9
  • H
Improperly Controlled Sequential Memory Allocation

<0:7.5.15-3.el9
  • H
Improperly Controlled Sequential Memory Allocation

<0:7.5.15-3.el9
  • H
Improperly Controlled Sequential Memory Allocation

<0:7.5.15-3.el9
  • H
Improperly Controlled Sequential Memory Allocation

<0:7.5.15-3.el9
  • H
Improperly Controlled Sequential Memory Allocation

<0:7.5.15-3.el9
  • H
Improperly Controlled Sequential Memory Allocation

<0:7.5.15-3.el9
  • H
Improperly Controlled Sequential Memory Allocation

<0:7.5.15-3.el9
  • H
Improperly Controlled Sequential Memory Allocation

<0:7.5.15-3.el9
  • H
Improperly Controlled Sequential Memory Allocation

<0:7.5.15-3.el9
  • H
Improperly Controlled Sequential Memory Allocation

<0:7.5.15-3.el9
  • H
Improperly Controlled Sequential Memory Allocation

<0:7.5.15-3.el9
  • H
Improperly Controlled Sequential Memory Allocation

<0:7.5.15-3.el9
  • H
Improperly Controlled Sequential Memory Allocation

<0:7.5.15-3.el9
  • H
Improperly Controlled Sequential Memory Allocation

<0:7.5.15-3.el9
  • H
Improperly Controlled Sequential Memory Allocation

<0:7.5.15-3.el9
  • H
Improperly Controlled Sequential Memory Allocation

<0:7.5.15-3.el9
  • H
Improperly Controlled Sequential Memory Allocation

<0:7.5.15-3.el9
  • H
Improperly Controlled Sequential Memory Allocation

<0:7.5.15-3.el9
  • H
Improperly Controlled Sequential Memory Allocation

<0:7.5.15-3.el9
  • H
Improperly Controlled Sequential Memory Allocation

<0:7.5.15-3.el9
  • H
Improperly Controlled Sequential Memory Allocation

<0:7.5.15-3.el9
  • H
Improperly Controlled Sequential Memory Allocation

<0:7.5.15-3.el9
  • H
Improperly Controlled Sequential Memory Allocation

<0:7.5.15-3.el9
  • H
HTTP Request Smuggling

<0:7.5.15-3.el9
  • H
HTTP Request Smuggling

<0:7.5.15-3.el9
  • H
HTTP Request Smuggling

<0:7.5.15-3.el9
  • H
HTTP Request Smuggling

<0:7.5.15-3.el9
  • L
Directory Traversal

*
  • M
Open Redirect

*
  • L
Insufficient Entropy

*
  • M
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

*
  • H
Missing Release of Resource after Effective Lifetime

<0:7.5.15-3.el9
  • H
Missing Release of Resource after Effective Lifetime

<0:7.5.15-3.el9
  • H
Missing Release of Resource after Effective Lifetime

<0:7.5.15-3.el9
  • H
Missing Release of Resource after Effective Lifetime

<0:7.5.15-3.el9
  • H
Cross-site Scripting (XSS)

<0:7.5.15-3.el9
  • H
Cross-site Scripting (XSS)

<0:7.5.15-3.el9
  • H
Cross-site Scripting (XSS)

<0:7.5.15-3.el9
  • H
Cross-site Scripting (XSS)

<0:7.5.15-3.el9
  • H
Incorrect Authorization

<0:7.5.15-3.el9
  • H
Incorrect Authorization

<0:7.5.15-3.el9
  • H
Incorrect Authorization

<0:7.5.15-3.el9
  • H
Incorrect Authorization

<0:7.5.15-3.el9
  • H
Cross-site Scripting (XSS)

<0:7.5.15-3.el9
  • H
Cross-site Scripting (XSS)

<0:7.5.15-3.el9
  • H
Cross-site Scripting (XSS)

<0:7.5.15-3.el9
  • H
Cross-site Scripting (XSS)

<0:7.5.15-3.el9
  • H
Cross-site Request Forgery (CSRF)

<0:7.5.15-3.el9
  • H
Cross-site Request Forgery (CSRF)

<0:7.5.15-3.el9
  • H
Cross-site Request Forgery (CSRF)

<0:7.5.15-3.el9
  • H
Cross-site Request Forgery (CSRF)

<0:7.5.15-3.el9
  • H
Information Exposure

<0:7.5.15-3.el9
  • H
Information Exposure

<0:7.5.15-3.el9
  • H
Information Exposure

<0:7.5.15-3.el9
  • H
Information Exposure

<0:7.5.15-3.el9