Security Advisories for github.com/grafana/grafana in go
Critical
16 days ago
Grafana Incorrect Privilege Assignment vulnerability
go
github.com/grafana/grafana
High
5 months ago
Grafana is vulnerable to XSS attacks through open redirects and path traversal
go
github.com/grafana/grafana
Moderate
5 months ago
Grafana's insecure DingDing Alert integration exposes sensitive information
go
github.com/grafana/grafana
Low
6 months ago
Grafana long dashboard title or panel name causes unresponsives
go
github.com/grafana/grafana
Moderate
6 months ago
Grafana's datasource proxy API allows authorization checks to be bypassed
go
github.com/grafana/grafana
High
6 months ago
Grafana vulnerable to authenticated users bypassing dashboard, folder permissions
go
github.com/grafana/grafana
High
7 months ago
Grafana Cross-Site-Scripting (XSS) via custom loaded frontend plugin
go
github.com/grafana/grafana
Moderate
10 months ago
Grafana Alerting VictorOps integration could be exposed to users with Viewer permission
go
github.com/grafana/grafana
Low
about 1 year ago
Grafana org admin can delete pending invites in different org
go
github.com/grafana/grafana
Critical
about 1 year ago
Grafana Command Injection And Local File Inclusion Via Sql Expressions
go
github.com/grafana/grafana
Moderate
over 1 year ago
Grafana plugin data sources vulnerable to access control bypass
go
github.com/grafana/grafana
High
over 1 year ago
Grafana folders admin only permission privilege escalation
go
github.com/grafana/grafana
High
over 1 year ago
Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins
go
github.com/grafana/grafana
Moderate
over 1 year ago
Grafana when using email as a username can block other users from signing in
go
github.com/grafana/grafana
High
over 1 year ago
Grafana Email addresses and usernames can not be trusted
go
github.com/grafana/grafana
Critical
over 1 year ago
Grafana Race condition allowing privilege escalation
go
github.com/grafana/grafana
High
over 1 year ago
Grafana Escalation from admin to server admin when auth proxy is used
go
github.com/grafana/grafana
Moderate
over 1 year ago
Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
go
github.com/grafana/grafana
Moderate
over 1 year ago
Grafana Stored Cross-site Scripting in Unified Alerting
go
github.com/grafana/grafana
Low
over 1 year ago
Grafana Forward OAuth Identity Token can allow users to access some data sources
go
github.com/grafana/grafana
Critical
over 1 year ago
Grafana Fine-grained access control vulnerability
go
github.com/grafana/grafana
High
over 1 year ago
Grafana: Users outside an organization can delete a snapshot with its key
go
github.com/grafana/grafana
High
almost 2 years ago
Grafana's users with permissions to create a data source can CRUD all data sources
go
github.com/grafana/grafana
Moderate
almost 2 years ago
Email Validation Bypass And Preventing Sign Up From Email's Owner
go
github.com/grafana/grafana
Moderate
almost 2 years ago
Grafana XSS via adding a link in General feature
go
github.com/grafana/grafana
Critical
over 2 years ago
Grafana vulnerable to Authentication Bypass by Spoofing
go
github.com/grafana/grafana
Moderate
over 2 years ago
Grafana has Broken Access Control in Alert manager: Viewer can send test alerts
go
github.com/grafana/grafana
Moderate
over 2 years ago
Grafana Stored Cross-site Scripting in Graphite FunctionDescription tooltip
go
github.com/grafana/grafana
Moderate
almost 3 years ago
Grafana vulnerable to Stored Cross-site Scripting in Text plugin
go
github.com/grafana/grafana
Moderate
almost 3 years ago
Grafana vulnerable to Cross-site Scripting
go
github.com/grafana/grafana
Moderate
almost 3 years ago
Grafana vulnerable to Cross-site Scripting
go
github.com/grafana/grafana
Moderate
over 3 years ago
Grafana XSS via a query alias for the ElasticSearch datasource
go
github.com/grafana/grafana
High
about 4 years ago
Authentication bypass for viewing and deletions of snapshots
go
github.com/grafana/grafana