Known Vulnerabilities for products from Grafana
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Grafana".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33375 | Not Provided | 2026-03-26 | 2026-03-27 | |
| CVE-2026-28377 | A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potent... | Not Provided | 2026-03-26 | 2026-03-31 |
| CVE-2026-28375 | A testdata data-source can be used to trigger out-of-memory crashes in Grafana. | Not Provided | 2026-03-27 | 2026-03-31 |
| CVE-2026-27880 | The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes. | Not Provided | 2026-03-27 | 2026-03-31 |
| CVE-2026-27879 | A resample query can be used to trigger out-of-memory crashes in Grafana. | Not Provided | 2026-03-27 | 2026-03-31 |
| CVE-2026-27877 | When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used i... | Not Provided | 2026-03-27 | 2026-03-31 |
| CVE-2026-27876 | A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact (RC... | Not Provided | 2026-03-27 | 2026-03-31 |
| CVE-2026-21724 | Not Provided | 2026-03-26 | 2026-03-27 | |
| CVE-2022-24812 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2022-04-12 | 2022-09-09 |
| CVE-2022-23552 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.4 - MEDIUM | 2023-01-27 | 2023-11-07 |
| CVE-2022-23498 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2023-02-03 | 2023-11-07 |
| CVE-2022-21713 | Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoin... | 4.3 - MEDIUM | 2022-02-08 | 2023-11-07 |
| CVE-2022-21703 | Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request fo... | 8.8 - HIGH | 2022-02-08 | 2023-11-07 |
| CVE-2022-21702 | Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML conten... | 5.4 - MEDIUM | 2022-02-08 | 2023-11-07 |
| CVE-2022-21673 | Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward ... | 4.3 - MEDIUM | 2022-01-18 | 2023-11-07 |
| CVE-2021-43815 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 4.3 - MEDIUM | 2021-12-10 | 2022-03-31 |
| CVE-2021-43813 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 4.3 - MEDIUM | 2021-12-10 | 2022-03-31 |
| CVE-2021-43798 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2021-12-07 | 2022-04-12 |
| CVE-2021-41244 | Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access contro... | 7.2 - HIGH | 2021-11-15 | 2022-03-31 |
| CVE-2021-41174 | Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince ... | 6.1 - MEDIUM | 2021-11-03 | 2021-11-29 |
Known software with vulnerabilities from Grafana
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Grafana | Grafana | - |
| Application | Grafana | Piechart-panel | 0.0.1 |