Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-44903 |
|
Cross-Site Scripting (XSS) in github.com/prometheus/prometheus (CVE-2026-44903)
cross-site scripting in github.com/prometheus/prometheus (CVE-2026-44903). Risk of unauthorized operations or information disclosure. Exploitable via ``label_replace``. Mitigation: upgrade to `2.7.2` or later.
|
| CVE-2026-42151 |
|
Information Disclosure in github.com/prometheus/prometheus (CVE-2026-42151)
vulnerability in github.com/prometheus/prometheus (CVE-2026-42151). Confidential information can be exposed externally. Exploitable via ``client_secret``. Mitigation: upgrade to `0.311.3` or later.
|
| CVE-2026-42154 |
|
Vulnerability in github.com/prometheus/prometheus (CVE-2026-42154)
vulnerability in github.com/prometheus/prometheus (CVE-2026-42154). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.11.3` or later.
|
| CVE-2023-26735 |
|
SSRF (Server-Side Request Forgery) in prometheus (CVE-2023-26735)
SSRF in prometheus (CVE-2023-26735). Confidential information can be exposed externally.
|