FLAT-74FIG (CVE-2026-9277)
OS Command Injection In grafana
7.2
High
Ecosystem: RPM
Package: grafana
FLAT-1G1VB (CVE-2026-33381)
Improper authorization control for web services In grafana
5.7
Medium
Ecosystem: RPM
Package: grafana
FLAT-RRRVJ (CVE-2026-28383)
Improper resource allocation In grafana
5.7
Medium
Ecosystem: RPM
Package: grafana
FLAT-CMDW6 (CVE-2026-28380)
Improper authorization control for web services In grafana
5.7
Medium
Ecosystem: RPM
Package: grafana
FLAT-YY41W (CVE-2026-28379)
Race condition In grafana
3.8
Low
Ecosystem: RPM
Package: grafana
FLAT-YYLO5 (CVE-2026-28376)
Improper resource allocation In grafana
5.7
Medium
Ecosystem: RPM
Package: grafana
FLAT-EF9W2 (CVE-2026-28374)
Improper authorization control for web services In grafana
1.3
Low
Ecosystem: RPM
Package: grafana
FLAT-OH56C (CVE-2026-21728)
Asymmetric denial of service In github.com/grafana/tempo
7.7
High
Ecosystem: Go
Package: github.com/grafana/tempo
FLAT-O4S6H (CVE-2026-21726)
Cross-site request forgery In github.com/grafana/loki/v3
4.4
Medium
Ecosystem: Go
Package: github.com/grafana/loki/v3
FLAT-G0HJ0 (CVE-2025-41118)
Business information leak In github.com/grafana/pyroscope
8.1
High
Ecosystem: Go
Package: github.com/grafana/pyroscope
FLAT-E18IE (CVE-2026-21727)
Unauthorized access to screen In grafana
4.0
Medium
Ecosystem: RPM
Package: grafana
FLAT-OTLDT (CVE-2025-12141)
Unauthorized access to screen In grafana
5.8
Medium
Ecosystem: RPM
Package: grafana
FLAT-TX3N0 (CVE-2019-15043)
Improper authorization control for web services In grafana
6.6
Medium
Ecosystem: Alpm
Package: grafana
FLAT-YUY5X (CVE-2021-41174)
Reflected cross-site scripting (XSS) In grafana
2.3
Low
Ecosystem: Alpm
Package: grafana
FLAT-TGCR4 (CVE-2021-41244)
Authentication mechanism absence or evasion In grafana
7.6
High
Ecosystem: Alpm
Package: grafana
FLAT-WWDOL (CVE-2018-19039)
Lack of data validation - Path Traversal In grafana
9.0
Critical
Ecosystem: Alpm
Package: grafana
FLAT-YXIZE (CVE-2021-41090)
Enabled default configuration In grafana-agent
2.7
Low
Ecosystem: Alpm
Package: grafana-agent
FLAT-DA3JI (CVE-2021-43798)
Lack of data validation - Path Traversal In grafana
6.6
Medium
Ecosystem: Alpm
Package: grafana
FLAT-X6D5O (CVE-2021-43813)
Lack of data validation - Path Traversal In grafana
0.6
Low
Ecosystem: Alpm
Package: grafana
FLAT-4SZPD (CVE-2021-43815)
Lack of data validation - Path Traversal In grafana
1.3
Low
Ecosystem: Alpm
Package: grafana
FLAT-GS187 (CVE-2021-39226)
Improper authorization control for web services In grafana
9.1
Critical
Ecosystem: Alpm
Package: grafana
FLAT-XLL14 (CVE-2025-2703)
Asymmetric denial of service - ReDoS In grafana
2.7
Low
Ecosystem: Alpm
Package: grafana
FLAT-IJKMB (CVE-2025-3454)
Improper authorization control for web services In grafana
1.3
Low
Ecosystem: Alpm
Package: grafana
FLAT-ILLTP (CVE-2026-27877)
Unauthorized access to screen In github.com/grafana/grafana
6.5
Medium
Ecosystem: Go
Package: github.com/grafana/grafana
FLAT-GAZ4R (CVE-2026-28377)
Sensitive information stored in logs In github.com/grafana/tempo
5.7
Medium
Ecosystem: Go
Package: github.com/grafana/tempo
FLAT-FX94Q (CVE-2026-33891)
Improper resource allocation In grafana
6.3
Medium
Ecosystem: RPM
Package: grafana
FLAT-Z4DGE (CVE-2026-28375)
Asymmetric denial of service - ReDoS In grafana
3.8
Low
Ecosystem: RPM
Package: grafana
FLAT-1MAO7 (CVE-2026-27880)
Asymmetric denial of service In grafana
7.7
High
Ecosystem: RPM
Package: grafana
FLAT-RAIJU (CVE-2026-27879)
Asymmetric denial of service In grafana
5.7
Medium
Ecosystem: RPM
Package: grafana
FLAT-VF53C (CVE-2026-21724)
Improper authorization control for web services In github.com/grafana/grafana
1.3
Low
Ecosystem: Go
Package: github.com/grafana/grafana
FLAT-JPRZF (CVE-2026-21725)
Race condition In grafana
1.1
Low
Ecosystem: RPM
Package: grafana
FLAT-LXUHB (CVE-2025-41117)
Reflected cross-site scripting (XSS) In github.com/grafana/grafana
5.8
Medium
Ecosystem: Go
Package: github.com/grafana/grafana
FLAT-HWSGM (CVE-2026-21722)
Unauthorized access to screen In grafana
1.7
Low
Ecosystem: RPM
Package: grafana
FLAT-62X3M (CVE-2026-21721)
Excessive privileges In grafana
7.5
High
Ecosystem: RPM
Package: grafana
FLAT-HTN0L (CVE-2025-41115)
Privilege escalation In github.com/grafana/grafana
8.1
High
Ecosystem: Go
Package: github.com/grafana/grafana
FLAT-1UNV4 (CVE-2025-10630)
Lack of data validation In github.com/alexanderzobnin/grafana-zabbix
1.3
Low
Ecosystem: Go
Package: github.com/alexanderzobnin/grafana-zabbix
FLAT-0BRKM (MAL-2025-8388)
Use of software with malware In @leaffm/leaf-connect-grafana
5.2
Medium
Ecosystem: Npm
Package: @leaffm/leaf-connect-grafana
FLAT-MYL3R (MAL-2025-21803)
Use of software with malware In grafana-toolkit
5.2
Medium
Ecosystem: Npm
Package: grafana-toolkit
FLAT-JJ4VD (MAL-2025-21804)
Use of software with malware In grafanaversion
5.2
Medium
Ecosystem: Npm
Package: grafanaversion
FLAT-5CKR9 (CVE-2025-47908)
Asymmetric denial of service In grafana
6.6
Medium
Ecosystem: RPM
Package: grafana
FLAT-P3F0I (CVE-2025-8341)
Server-side request forgery (SSRF) In github.com/grafana/grafana-infinity-datasource
1.3
Low
Ecosystem: Go
Package: github.com/grafana/grafana-infinity-datasource
FLAT-P07JN (MAL-2025-6250)
Use of software with malware In @grafanacloud/plugins-platform-backend
5.2
Medium
Ecosystem: Npm
Package: @grafanacloud/plugins-platform-backend
FLAT-BNN2P (MAL-2025-6249)
Use of software with malware In @grafanacloud/test-utils
5.2
Medium
Ecosystem: Npm
Package: @grafanacloud/test-utils
FLAT-HIBJ1 (MAL-2025-6243)
Use of software with malware In grafana-internal-config-loader
5.2
Medium
Ecosystem: Npm
Package: grafana-internal-config-loader
FLAT-42BN7 (MAL-2025-6236)
Use of software with malware In grafana-config-pipeline
5.2
Medium
Ecosystem: Npm
Package: grafana-config-pipeline
FLAT-9TWSU (MAL-2025-6165)
Use of software with malware In grafana-scenes-ml
5.2
Medium
Ecosystem: Npm
Package: grafana-scenes-ml
FLAT-LFFFT (MAL-2025-6152)
Use of software with malware In aws-iot-twinmaker-grafana-utils
5.2
Medium
Ecosystem: Npm
Package: aws-iot-twinmaker-grafana-utils
FLAT-NDXX5 (CVE-2025-6023)
Reflected cross-site scripting (XSS) In github.com/grafana/grafana
5.1
Medium
Ecosystem: Go
Package: github.com/grafana/grafana
FLAT-F3CM4 (CVE-2025-6197)
Uncontrolled external site redirect In grafana
0.4
Low
Ecosystem: RPM
Package: grafana
FLAT-7B5XF (CVE-2025-3415)
Unauthorized access to screen In github.com/grafana/grafana
1.3
Low
Ecosystem: Go
Package: github.com/grafana/grafana
FLAT-WE08O (MAL-2025-5920)
Use of software with malware In grafana-strava-datasource
5.2
Medium
Ecosystem: Npm
Package: grafana-strava-datasource
FLAT-4BLSC (MAL-2025-5919)
Use of software with malware In grafana-amazonprometheus-datasource
5.2
Medium
Ecosystem: Npm
Package: grafana-amazonprometheus-datasource
FLAT-IVNJV (MAL-2025-5779)
Use of software with malware In grafana-zabbix
5.2
Medium
Ecosystem: Npm
Package: grafana-zabbix
FLAT-DTV2W (MAL-2025-5777)
Use of software with malware In grafana-csv-datasource
5.2
Medium
Ecosystem: Npm
Package: grafana-csv-datasource
FLAT-SOH8C (MAL-2025-5778)
Use of software with malware In grafana-polystat-panel
5.2
Medium
Ecosystem: Npm
Package: grafana-polystat-panel
FLAT-N2JES (MAL-2025-5698)
Use of software with malware In grafana-json-datasource
5.2
Medium
Ecosystem: Npm
Package: grafana-json-datasource
FLAT-KR3AV (MAL-2025-5696)
Use of software with malware In grafana-iot-sitewise-datasource
5.2
Medium
Ecosystem: Npm
Package: grafana-iot-sitewise-datasource
FLAT-UF88V (MAL-2025-5697)
Use of software with malware In grafana-iot-twinmaker-app
5.2
Medium
Ecosystem: Npm
Package: grafana-iot-twinmaker-app
FLAT-B0LXK (MAL-2025-5612)
Use of software with malware In grafana-lokiexplore-app
5.2
Medium
Ecosystem: Npm
Package: grafana-lokiexplore-app
FLAT-H3DQH (MAL-2025-5534)
Use of software with malware In grafana-pyroscope
5.2
Medium
Ecosystem: Npm
Package: grafana-pyroscope
FLAT-ZQJT8 (MAL-2025-5532)
Use of software with malware In grafana-github-datasource
5.2
Medium
Ecosystem: Npm
Package: grafana-github-datasource
FLAT-IQ0XI (CVE-2025-1088)
Lack of data validation In github.com/grafana/grafana
1.2
Low
Ecosystem: Go
Package: github.com/grafana/grafana
FLAT-N0Y9C (MAL-2025-4860)
Use of software with malware In opensearch-with-grafana-lambdas
5.2
Medium
Ecosystem: Npm
Package: opensearch-with-grafana-lambdas
FLAT-B3JK1 (CVE-2025-3260)
Authentication mechanism absence or evasion In github.com/grafana/grafana
6.2
Medium
Ecosystem: Go
Package: github.com/grafana/grafana
FLAT-79YHH (CVE-2025-3580)
Improper authorization control for web services In grafana
5.7
Medium
Ecosystem: RPM
Package: grafana
FLAT-LF09E (CVE-2025-4123)
Reflected cross-site scripting (XSS) In github.com/grafana/grafana
5.1
Medium
Ecosystem: Go
Package: github.com/grafana/grafana
FLAT-E7D4K (CVE-2025-2786)
Unauthorized access to screen In github.com/grafana/tempo-operator
0.4
Low
Ecosystem: Go
Package: github.com/grafana/tempo-operator
FLAT-71Z9Y (CVE-2025-2842)
Unauthorized access to screen In github.com/grafana/tempo-operator
0.6
Low
Ecosystem: Go
Package: github.com/grafana/tempo-operator
FLAT-4HP92 (MAL-2025-2174)
Use of software with malware In grafana-resources-exporter-app
5.2
Medium
Ecosystem: Npm
Package: grafana-resources-exporter-app
FLAT-7B55F (MAL-2025-1674)
Use of software with malware In grafana-metricsdrilldown-app
5.2
Medium
Ecosystem: Npm
Package: grafana-metricsdrilldown-app
FLAT-4PQM3 (MAL-2025-1645)
Use of software with malware In esm-appdynamics-grafana-react-datasource
5.2
Medium
Ecosystem: Npm
Package: esm-appdynamics-grafana-react-datasource
FLAT-WW0M8 (CVE-2024-11741)
Unauthorized access to screen In github.com/grafana/grafana
1.3
Low
Ecosystem: Go
Package: github.com/grafana/grafana
FLAT-YXTSC (MAL-2025-43)
Use of software with malware In grafana-sentry-datasource
5.2
Medium
Ecosystem: Npm
Package: grafana-sentry-datasource
FLAT-S8GZ6 (MAL-2024-12075)
Use of software with malware In grafana-report-panel
5.2
Medium
Ecosystem: Npm
Package: grafana-report-panel
FLAT-0P8SD (CVE-2024-10452)
Restricted fields manipulation In github.com/grafana/grafana
0.5
Low
Ecosystem: Go
Package: github.com/grafana/grafana
FLAT-M0X0A (CVE-2024-9264)
Server side template injection In github.com/grafana/grafana
7.7
High
Ecosystem: Go
Package: github.com/grafana/grafana
FLAT-7VJGQ (CVE-2024-8118)
Improper authorization control for web services In grafana
0.6
Low
Ecosystem: RPM
Package: grafana
FLAT-I1JQR (CVE-2024-8975)
Insecure service configuration - Certificates In github.com/grafana/alloy
4.0
Medium
Ecosystem: Go
Package: github.com/grafana/alloy
FLAT-A1T2O (CVE-2024-8996)
Insecure service configuration - Certificates In github.com/grafana/agent
4.0
Medium
Ecosystem: Go
Package: github.com/grafana/agent
FLAT-5RLA1 (CVE-2024-8986)
Weak credential policy In github.com/grafana/grafana-plugin-sdk-go
6.9
Medium
Ecosystem: Go
Package: github.com/grafana/grafana-plugin-sdk-go
FLAT-0U2MO (CVE-2022-46156)
Debugging enabled in production In github.com/grafana/synthetic-monitoring-agent
2.7
Low
Ecosystem: Go
Package: github.com/grafana/synthetic-monitoring-agent
FLAT-3RCZZ (CVE-2024-6322)
Privilege escalation In github.com/grafana/grafana
2.1
Low
Ecosystem: Go
Package: github.com/grafana/grafana
FLAT-YIA5M (MAL-2024-2434)
Use of software with malware In grafana__slate-react
5.2
Medium
Ecosystem: Npm
Package: grafana__slate-react
FLAT-UJDCJ (CVE-2022-36062)
Excessive privileges In github.com/grafana/grafana
5.1
Medium
Ecosystem: Go
Package: github.com/grafana/grafana
FLAT-OM2DF (CVE-2022-39201)
Business information leak In github.com/grafana/grafana
5.9
Medium
Ecosystem: Go
Package: github.com/grafana/grafana
FLAT-MCA6K (CVE-2022-39229)
Improper authorization control for web services In github.com/grafana/grafana
1.2
Low
Ecosystem: Go
Package: github.com/grafana/grafana
FLAT-21YVH (CVE-2022-39306)
Lack of data validation In github.com/grafana/grafana
4.1
Medium
Ecosystem: Go
Package: github.com/grafana/grafana
FLAT-XHGEM (CVE-2022-39307)
Unauthorized access to screen In github.com/grafana/grafana
4.2
Medium
Ecosystem: Go
Package: github.com/grafana/grafana
FLAT-QKP0E (CVE-2022-39324)
Reflected cross-site scripting (XSS) In github.com/grafana/grafana
1.3
Low
Ecosystem: Go
Package: github.com/grafana/grafana
FLAT-OQBIM (CVE-2022-39328)
Race condition In github.com/grafana/grafana
8.1
High
Ecosystem: Go
Package: github.com/grafana/grafana
FLAT-CACX2 (CVE-2022-35957)
Spoofing In github.com/grafana/grafana
4.8
Medium
Ecosystem: Go
Package: github.com/grafana/grafana
FLAT-NMLOM (CVE-2022-31130)
Business information leak In github.com/grafana/grafana
4.6
Medium
Ecosystem: Go
Package: github.com/grafana/grafana
FLAT-16BRK (CVE-2022-31123)
Insecure digital certificates In github.com/grafana/grafana
5.9
Medium
Ecosystem: Go
Package: github.com/grafana/grafana
FLAT-5M9ZE (CVE-2022-31107)
Authentication mechanism absence or evasion In github.com/grafana/grafana
5.0
Medium
Ecosystem: Go
Package: github.com/grafana/grafana
FLAT-0KMCY (CVE-2022-21713)
Improper authorization control for web services In github.com/grafana/grafana
1.3
Low
Ecosystem: Go
Package: github.com/grafana/grafana
FLAT-7LB6I (CVE-2022-31097)
Server side cross-site scripting In github.com/grafana/grafana
2.3
Low
Ecosystem: Go
Package: github.com/grafana/grafana
FLAT-I0EPZ (CVE-2022-21702)
Reflected cross-site scripting (XSS) In github.com/grafana/grafana
5.6
Medium
Ecosystem: Go
Package: github.com/grafana/grafana
FLAT-5E5GU (CVE-2024-1313)
Improper authorization control for web services In github.com/grafana/grafana
4.9
Medium
Ecosystem: Go
Package: github.com/grafana/grafana
FLAT-RL5P9 (GHSA-mh7p-8m2f-qrm6)
Improper authorization control for web services In github.com/grafana/grafana
0.0
None
Ecosystem: Go
Package: github.com/grafana/grafana
FLAT-B56NL (CVE-2024-1442)
Excessive privileges In github.com/grafana/grafana
4.8
Medium
Ecosystem: Go
Package: github.com/grafana/grafana