Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-42127 |
|
Vulnerability in dos (CVE-2026-42127)
vulnerability in dos (CVE-2026-42127). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9029 |
|
The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug....
The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug....
|
| CVE-2026-42129 |
|
The Loki datasource plugin's callResource handler contains a path traversal vulnerability. An...
The Loki datasource plugin's callResource handler contains a path traversal vulnerability. An...
|
| CVE-2026-28381 |
|
Vulnerability in grafana (CVE-2026-28381)
vulnerability in grafana (CVE-2026-28381). Confidential information can be exposed externally.
|
| CVE-2026-10601 |
|
Path Traversal in path-traversal (CVE-2026-10601)
path traversal in path-traversal (CVE-2026-10601). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-27878 |
|
Vulnerability in dos (CVE-2026-27878)
vulnerability in dos (CVE-2026-27878). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11769 |
|
Path Traversal in github.com/grafana/grafana-operator (CVE-2026-11769)
path traversal in github.com/grafana/grafana-operator (CVE-2026-11769). Successful exploitation can lead to full system takeover. Exploitable via ``Dashboard``. Mitigation: upgrade to `5.24.0` or later.
|
| CVE-2026-33377 |
|
Vulnerability in grafana (CVE-2026-33377)
vulnerability in grafana (CVE-2026-33377). Data can be tampered with by attackers. Mitigation: upgrade to `11.6.14, 12.2.8, 12.3.6, 12.4.3, 13.0.1` or later.
|
| CVE-2026-28379 |
|
Vulnerability in grafana (CVE-2026-28379)
vulnerability in grafana (CVE-2026-28379). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.6.14, 12.2.8, 12.3.6, 12.4.3, 13.0.1` or later.
|
| CVE-2026-28374 |
|
Vulnerability in grafana (CVE-2026-28374)
vulnerability in grafana (CVE-2026-28374). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.6.14, 12.2.8, 12.3.6, 12.4.3, 13.0.1` or later.
|
| CVE-2026-33381 |
|
Vulnerability in grafana (CVE-2026-33381)
vulnerability in grafana (CVE-2026-33381). Confidential information can be exposed externally. Mitigation: upgrade to `11.6.14, 12.2.8, 12.3.6, 12.4.3, 13.0.1` or later.
|
| CVE-2026-33380 |
|
Vulnerability in grafana (CVE-2026-33380)
vulnerability in grafana (CVE-2026-33380). Confidential information can be exposed externally. Mitigation: upgrade to `11.6.14, 12.2.8, 12.3.6, 12.4.3, 13.0.1` or later.
|
| CVE-2026-33378 |
|
Vulnerability in grafana (CVE-2026-33378)
vulnerability in grafana (CVE-2026-33378). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.6.14, 12.2.8, 12.3.6, 12.4.3, 13.0.1` or later.
|
| CVE-2026-28380 |
|
BAC in Snapshot API allows deletion of unauthorized dashboard snapshots
BAC in Snapshot API allows deletion of unauthorized dashboard snapshots
|
| CVE-2026-28376 |
|
Vulnerability in grafana (CVE-2026-28376)
vulnerability in grafana (CVE-2026-28376). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.6.14, 12.2.8, 12.3.6, 12.4.3, 13.0.1` or later.
|
| CVE-2026-33376 |
|
Vulnerability in grafana (CVE-2026-33376)
vulnerability in grafana (CVE-2026-33376). Confidential information can be exposed externally. Mitigation: upgrade to `11.6.14, 12.2.8, 12.3.6, 12.4.3, 13.0.1` or later.
|
| CVE-2026-28383 |
|
Vulnerability in grafana (CVE-2026-28383)
vulnerability in grafana (CVE-2026-28383). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.6.14, 12.2.8, 12.3.6, 12.4.3, 13.0.1` or later.
|
| CVE-2026-21728 |
|
Vulnerability in grafana (CVE-2026-21728)
vulnerability in grafana (CVE-2026-21728). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-41118 |
|
Vulnerability in c (CVE-2025-41118)
vulnerability in c (CVE-2025-41118). Confidential information can be exposed externally.
|
| CVE-2026-27880 |
|
Out-of-Bounds Write in grafana (CVE-2026-27880)
out-of-bounds write in grafana (CVE-2026-27880). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-27877 |
|
Vulnerability in github.com/grafana/grafana (CVE-2026-27877)
vulnerability in github.com/grafana/grafana (CVE-2026-27877). Confidential information can be exposed externally. Mitigation: upgrade to `1.9.2-0.20260325055210-3522153e07b4` or later.
|
| CVE-2026-27876 |
|
Code Injection in grafana (CVE-2026-27876)
code injection in grafana (CVE-2026-27876). Successful exploitation can lead to full system takeover.
|
| CVE-2026-21725 |
|
Vulnerability in grafana (CVE-2026-21725)
vulnerability in grafana (CVE-2026-21725). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-21721 |
|
Authorization Flaw in privilege-escalation (CVE-2026-21721)
vulnerability in privilege-escalation (CVE-2026-21721). Confidential information can be exposed externally.
|
| CVE-2026-21720 |
|
Vulnerability in grafana (CVE-2026-21720)
vulnerability in grafana (CVE-2026-21720). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-43798 KEV |
|
[KEV] Path Traversal in Grafana labs grafana-labs (CVE-2021-43798)
path traversal in Grafana labs grafana-labs (CVE-2021-43798). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-39226 KEV |
|
[KEV] Authentication Bypass in Grafana labs grafana-labs (CVE-2021-39226)
authentication bypass in Grafana labs grafana-labs (CVE-2021-39226). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|