pkg:Go/github.com/grafana/grafana

共 96 筆 CVECRITICAL10HIGH16MEDIUM66LOW4

✅ 檢查你的版本

所有已知漏洞

HIGH7.5CVE-2021-43798⚠ KEVGrafana path traversal
>= 8.3.0, < 8.3.1
HIGH7.3CVE-2021-39226⚠ KEVAuthentication bypass for viewing and deletions of snapshots
from 0, < 7.5.11
CRITICAL10.0CVE-2025-41115Grafana Incorrect Privilege Assignment vulnerability in github.com/grafana/grafana
>= 1.9.2-0.20250310110405-e6fdb746f235
CRITICAL10.0CVE-2025-41115Grafana Incorrect Privilege Assignment vulnerability in github.com/grafana/grafana
>= 12.0.0, < 12.0.7
CRITICAL9.9CVE-2024-9264Grafana Command Injection And Local File Inclusion Via Sql Expressions in github.com/grafana/grafana
from 0
CRITICAL9.9CVE-2024-9264Grafana Command Injection And Local File Inclusion Via Sql Expressions in github.com/grafana/grafana
>= 11.0.0, < 11.0.6+security-01
CRITICAL9.8CVE-2022-39328Grafana vulnerable to race condition allowing privilege escalation
from 0
CRITICAL9.8CVE-2022-39328Grafana vulnerable to race condition allowing privilege escalation
>= 9.2.0, < 9.2.4
CRITICAL9.8CVE-2018-15727Grafana Authentication Bypass in github.com/grafana/grafana
from 0, < 4.6.4
CRITICAL9.8CVE-2018-15727Grafana Authentication Bypass in github.com/grafana/grafana
from 0, < 4.6.4+incompatible, >= 5.0.0+incompatible, < 5.2.3+incompatible
CRITICAL9.4CVE-2023-3128Grafana vulnerable to Authentication Bypass by Spoofing
>= 9.4.0, < 9.4.13
CRITICAL9.1CVE-2021-41244Grafana Fine-grained access control vulnerability
>= 8.0.0, < 8.2.4
HIGH8.3CVE-2025-3260Grafana vulnerable to authenticated users bypassing dashboard, folder permissions
>= 0.0.0-20250114093457-36d6fad421fb, < 0.0.0-20250521183405-c7a690348df7
HIGH8.3CVE-2025-3260Grafana vulnerable to authenticated users bypassing dashboard, folder permissions
>= 0.0.0-20250114093457-36d6fad421fb
HIGH8.2CVE-2021-27358Denial of service in Grafana
>= 6.7.3, < 7.4.2
HIGH7.6CVE-2025-6023Grafana is vulnerable to XSS attacks through open redirects and path traversal in github.com/grafana/grafana
from 0
HIGH7.6CVE-2025-6023Grafana is vulnerable to XSS attacks through open redirects and path traversal in github.com/grafana/grafana
from 0, < 1.9.2-0.20250521205822-0ba0b99665a9
HIGH7.6CVE-2025-4123Grafana Cross-Site-Scripting (XSS) via custom loaded frontend plugin
from 0
HIGH7.6CVE-2025-4123Grafana Cross-Site-Scripting (XSS) via custom loaded frontend plugin
from 0, < 0.0.0-20250521183405-c7a690348df7
HIGH7.6CVE-2022-36062Grafana folders admin only permission privilege escalation in github.com/grafana/grafana
from 0
HIGH7.6CVE-2022-36062Grafana folders admin only permission privilege escalation in github.com/grafana/grafana
>= 8.5.0, < 8.5.13
HIGH7.5CVE-2023-2801Grafana Missing Synchronization vulnerability
from 0, < 9.4.12
HIGH7.3CVE-2022-31097Stored XSS in Grafana's Unified Alerting
from 0
HIGH7.3CVE-2022-31097Stored XSS in Grafana's Unified Alerting
>= 9.0.0, < 9.0.3
HIGH7.1CVE-2022-31107Grafana account takeover via OAuth vulnerability
from 0
HIGH7.1CVE-2022-31107Grafana account takeover via OAuth vulnerability
>= 5.3.0-beta1, < 8.3.10
MEDIUM6.8CVE-2025-41117Grafana has a Cross-site Scripting issue
>= 12.2.0, < 12.2.5
MEDIUM6.8CVE-2022-39201Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins
>= 5.0.0-beta1, < 8.5.14
MEDIUM6.8CVE-2022-39201Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins
>= 5.0.0-beta1+incompatible
MEDIUM6.8CVE-2022-21702Cross site scripting in Grafana proxy
>= 2.0.0-beta1, < 7.5.15
MEDIUM6.7CVE-2022-39307Grafana User enumeration via forget password
from 0
MEDIUM6.7CVE-2022-39307Grafana User enumeration via forget password
>= 9.0.0, < 9.2.4
MEDIUM6.7CVE-2022-39324Grafana Spoofing originalUrl of snapshots
from 0
MEDIUM6.7CVE-2022-39324Grafana Spoofing originalUrl of snapshots
>= 9.0.0, < 9.2.8
MEDIUM6.7CVE-2023-4822Grafana privilege escalation vulnerability
from 0, <= 10.1.5
MEDIUM6.6CVE-2022-35957Grafana Escalation from admin to server admin when auth proxy is used
>= 9.1.0, < 9.1.6
MEDIUM6.6CVE-2022-35957Grafana Escalation from admin to server admin when auth proxy is used
from 0
MEDIUM6.5CVE-2026-27877Grafana public dashboards disclose all direct mode datasources
>= 9.3.0
MEDIUM6.5CVE-2024-1313Grafana: Users outside an organization can delete a snapshot with its key
from 0
MEDIUM6.5CVE-2024-1313Grafana: Users outside an organization can delete a snapshot with its key
>= 9.5.0, < 9.5.18
MEDIUM6.5CVE-2019-19499Grafana Arbitrary File Read
from 0, < 6.4.4
MEDIUM6.5CVE-2019-19499Grafana Arbitrary File Read
from 0
MEDIUM6.4CVE-2022-39306Grafana Email addresses and usernames can not be trusted
from 0
MEDIUM6.4CVE-2022-39306Grafana Email addresses and usernames can not be trusted
>= 8.0.0, < 8.5.15
MEDIUM6.4CVE-2023-22462Grafana vulnerable to Stored Cross-site Scripting in Text plugin
>= 9.2.0, < 9.2.10
MEDIUM6.2CVE-2023-1410Grafana Stored Cross-site Scripting in Graphite FunctionDescription tooltip
>= 8.0.0, < 8.5.22
MEDIUM6.1CVE-2022-31123Grafana Plugin signature bypass in github.com/grafana/grafana
>= 9.0.0, < 9.1.8
MEDIUM6.1CVE-2022-31123Grafana Plugin signature bypass in github.com/grafana/grafana
from 0
MEDIUM6.1CVE-2018-12099Grafana Cross-site Scripting (XSS) in github.com/grafana/grafana
from 0, < 5.2.0-beta1+incompatible
MEDIUM6.1CVE-2018-12099Grafana Cross-site Scripting (XSS) in github.com/grafana/grafana
from 0, < 5.2.0-beta1
MEDIUM6.1CVE-2018-18625Grafana XSS via adding a link in General feature
from 0, < 6.0.0-beta1
MEDIUM6.1CVE-2018-18625Grafana XSS via adding a link in General feature
from 0, < 6.0.0-beta1+incompatible
MEDIUM6.1CVE-2018-18623Grafana XSS in Dashboard Text Panel
from 0, < 6.0.0-beta1+incompatible
MEDIUM6.1CVE-2018-18623Grafana XSS in Dashboard Text Panel
from 0, < 6.0.0-beta1
MEDIUM6.1CVE-2020-24303Grafana XSS via a query alias for the ElasticSearch datasource in github.com/grafana/grafana
from 0, < 7.1.0-beta1
MEDIUM6.1CVE-2020-24303Grafana XSS via a query alias for the ElasticSearch datasource in github.com/grafana/grafana
from 0
MEDIUM6.1CVE-2018-18624Grafana XSS via a column style
from 0
MEDIUM6.1CVE-2018-18624Grafana XSS via a column style
from 0, < 7.0.0
MEDIUM6.1CVE-2020-13430Grafana XSS via the OpenTSDB datasource
from 0, < 7.0.0
MEDIUM6.1CVE-2020-13430Grafana XSS via the OpenTSDB datasource
from 0
MEDIUM6.1CVE-2020-12245Grafana XSS in header column rename
from 0, < 6.7.3
MEDIUM6.1CVE-2020-12245Grafana XSS in header column rename
from 0
MEDIUM6.0CVE-2024-1442Grafana's users with permissions to create a data source can CRUD all data sources
from 0
MEDIUM6.0CVE-2024-1442Grafana's users with permissions to create a data source can CRUD all data sources
>= 8.5.0, < 9.5.7
MEDIUM5.8CVE-2020-13379Server Side Request Forgery in Grafana
>= 3.0.1, < 6.7.4
MEDIUM5.5CVE-2020-12458Grafana information disclosure
from 0
MEDIUM5.5CVE-2020-12458Grafana information disclosure
from 0, < 7.2.1
MEDIUM5.5CVE-2020-12459Grafana world readable configuration files
from 0
MEDIUM5.5CVE-2020-12459Grafana world readable configuration files
>= 6.0.0-beta1, < 7.2.1
MEDIUM5.4CVE-2026-21724Grafana OSS: Authorization bypass allows users with Editor role to modify protected webhook URLs without permissions
from 0, < 1.9.2-0.20260323180334-daffe750de85
MEDIUM5.4CVE-2023-6152Email Validation Bypass And Preventing Sign Up From Email's Owner
>= 2.5.0, < 9.5.16
MEDIUM5.4CVE-2023-0594Grafana vulnerable to Cross-site Scripting
>= 7.0.0, < 8.5.21
MEDIUM5.4CVE-2023-0507Grafana vulnerable to Cross-site Scripting
>= 8.1.0, < 8.5.21
MEDIUM5.4CVE-2020-11110Grafana stored XSS in github.com/grafana/grafana
from 0, < 6.7.2
MEDIUM5.4CVE-2020-11110Grafana stored XSS in github.com/grafana/grafana
from 0
MEDIUM5.4CVE-2019-13068Grafana Cross-site Scripting vulnerability
from 0, < 6.2.5
MEDIUM5.4CVE-2018-1000816Grafana XSS Vulnerability
from 0, < 5.3.2
MEDIUM5.0CVE-2025-3454Grafana's datasource proxy API allows authorization checks to be bypassed
>= 0.0.0-20210414170620-dadccdda06e6
MEDIUM5.0CVE-2025-3454Grafana's datasource proxy API allows authorization checks to be bypassed
>= 0.0.0-20210414170620-dadccdda06e6, < 0.0.0-20250424191517-1f707d16ed5d
MEDIUM4.9CVE-2022-31130Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
>= 9.0.0, < 9.1.8
MEDIUM4.9CVE-2022-31130Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
from 0
MEDIUM4.4CVE-2024-6322Grafana plugin data sources vulnerable to access control bypass in github.com/grafana/grafana
>= 11.1.0, < 11.1.1
MEDIUM4.4CVE-2024-6322Grafana plugin data sources vulnerable to access control bypass in github.com/grafana/grafana
from 0
MEDIUM4.3CVE-2025-3415Grafana's insecure DingDing Alert integration exposes sensitive information
from 0
MEDIUM4.3CVE-2025-3415Grafana's insecure DingDing Alert integration exposes sensitive information
from 0, < 1.9.2-0.20250514160932-04111e9f2afd
MEDIUM4.3CVE-2024-11741Grafana Alerting VictorOps integration could be exposed to users with Viewer permission
>= 11.4.0, < 11.4.1
MEDIUM4.3CVE-2024-11741Grafana Alerting VictorOps integration could be exposed to users with Viewer permission
from 0
MEDIUM4.3CVE-2022-39229Grafana when using email as a username can block other users from signing in in github.com/grafana/grafana
from 0, < 8.5.14
MEDIUM4.3CVE-2022-39229Grafana when using email as a username can block other users from signing in in github.com/grafana/grafana
from 0
MEDIUM4.3CVE-2022-21713Grafana API IDOR
>= 5.0.0-beta1, < 7.5.15
MEDIUM4.3CVE-2021-43815Grafana directory traversal for .cvs files
>= 8.0.0-beta3, < 8.3.2
MEDIUM4.1CVE-2023-2183Grafana has Broken Access Control in Alert manager: Viewer can send test alerts
from 0, < 8.5.26
LOW2.7CVE-2025-1088Grafana long dashboard title or panel name causes unresponsives
from 0, < 0.0.0-20250521211231-e0ba4b480954, >= 0.0.1-test
LOW2.7CVE-2025-1088Grafana long dashboard title or panel name causes unresponsives
>= 0.0.1-test, < 11.6.2
LOW2.2CVE-2024-10452Grafana org admin can delete pending invites in different org
from 0
LOW2.2CVE-2024-10452Grafana org admin can delete pending invites in different org
from 0, <= 10.4.0