Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Arbitrary File Creation Arbitrary File Read Arbitrary File Write Authentication Bypass Bruteforce Possible Buffer Overflow CSRF CSTI Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial-of-service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilitie Known Vulnerabilities Ldap Injection Malware Missing Update Path Traversal Privilege Escalation Remote Code Execution SSRF SSTI Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity Grafana Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2024-10452) CVE-2024-10452 CWE-639 CWE-639 Low Grafana avatar SSRF CVE-2020-13379 CWE-78 CWE-78 High Grafana Cleartext Storage of Sensitive Information Vulnerability (CVE-2020-12458) CVE-2020-12458 CWE-312 CWE-312 Medium Grafana Cleartext Storage of Sensitive Information Vulnerability (CVE-2022-26148) CVE-2022-26148 CWE-312 CWE-312 Critical Grafana Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2022-39328) CVE-2022-39328 CWE-362 CWE-362 High Grafana Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-21703) CVE-2022-21703 CWE-352 CWE-352 High Grafana CVE-2021-27358 Vulnerability (CVE-2021-27358) CVE-2021-27358 High Grafana CVE-2022-39201 Vulnerability (CVE-2022-39201) CVE-2022-39201 High Grafana CVE-2022-39307 Vulnerability (CVE-2022-39307) CVE-2022-39307 Medium Grafana CVE-2023-1387 Vulnerability (CVE-2023-1387) CVE-2023-1387 High Grafana CVE-2023-4399 Vulnerability (CVE-2023-4399) CVE-2023-4399 High Grafana CVE-2023-4822 Vulnerability (CVE-2023-4822) CVE-2023-4822 High Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-19039) CVE-2018-19039 CWE-200 CWE-200 Medium Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-19499) CVE-2019-19499 CWE-200 CWE-200 Medium Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-12459) CVE-2020-12459 CWE-200 CWE-200 Medium Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-21673) CVE-2022-21673 CWE-200 CWE-200 Medium Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-23498) CVE-2022-23498 CWE-200 CWE-200 High Grafana Externally Controlled Reference to a Resource in Another Sphere Vulnerability (CVE-2021-41244) CVE-2021-41244 CWE-610 CWE-610 Critical Grafana Improper Authentication Vulnerability (CVE-2018-15727) CVE-2018-15727 CWE-287 CWE-287 Critical Grafana Improper Authentication Vulnerability (CVE-2021-28148) CVE-2021-28148 CWE-287 CWE-287 High Grafana Improper Authentication Vulnerability (CVE-2021-39226) CVE-2021-39226 CWE-287 CWE-287 High Grafana Improper Authentication Vulnerability (CVE-2022-32276) CVE-2022-32276 CWE-287 CWE-287 High Grafana Improper Authentication Vulnerability (CVE-2022-39229) CVE-2022-39229 CWE-287 CWE-287 Medium Grafana Improper Input Validation Vulnerability (CVE-2022-39306) CVE-2022-39306 CWE-20 CWE-20 High Grafana Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-43798) CVE-2021-43798 CWE-22 CWE-22 High Grafana Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-43813) CVE-2021-43813 CWE-22 CWE-22 Medium Grafana Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-43815) CVE-2021-43815 CWE-22 CWE-22 Medium Grafana Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-32275) CVE-2022-32275 CWE-22 CWE-22 High Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-12099) CVE-2018-12099 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-18623) CVE-2018-18623 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-18624) CVE-2018-18624 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-18625) CVE-2018-18625 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1000816) CVE-2018-1000816 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-13068) CVE-2019-13068 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-11110) CVE-2020-11110 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-12052) CVE-2020-12052 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-12245) CVE-2020-12245 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13430) CVE-2020-13430 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-24303) CVE-2020-24303 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41174) CVE-2021-41174 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-21702) CVE-2022-21702 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-23552) CVE-2022-23552 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-31097) CVE-2022-31097 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-39324) CVE-2022-39324 CWE-707 CWE-707 Low Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-0507) CVE-2023-0507 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-0594) CVE-2023-0594 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-1410) CVE-2023-1410 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-22462) CVE-2023-22462 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2024-9264) CVE-2024-9264 CWE-138 CWE-138 High Grafana Improper Preservation of Permissions Vulnerability (CVE-2022-36062) CVE-2022-36062 CWE-281 CWE-281 Low Grafana Improper Synchronization Vulnerability (CVE-2023-2801) CVE-2023-2801 CWE-662 CWE-662 Medium Grafana Improper Verification of Cryptographic Signature Vulnerability (CVE-2022-31123) CVE-2022-31123 CWE-347 CWE-347 High Grafana Incorrect Authorization Vulnerability (CVE-2021-28146) CVE-2021-28146 CWE-863 CWE-863 Medium Grafana Incorrect Authorization Vulnerability (CVE-2022-21713) CVE-2022-21713 CWE-863 CWE-863 Medium Grafana Incorrect Authorization Vulnerability (CVE-2022-31107) CVE-2022-31107 CWE-863 CWE-863 High Grafana Incorrect Authorization Vulnerability (CVE-2023-6152) CVE-2023-6152 CWE-863 CWE-863 Medium Grafana Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-27962) CVE-2021-27962 CWE-732 CWE-732 High Grafana Insufficiently Protected Credentials Vulnerability (CVE-2019-15635) CVE-2019-15635 CWE-522 CWE-522 Medium Grafana Insufficiently Protected Credentials Vulnerability (CVE-2022-31130) CVE-2022-31130 CWE-522 CWE-522 High Grafana Missing Authentication for Critical Function Vulnerability (CVE-2019-15043) CVE-2019-15043 CWE-306 CWE-306 High Grafana Missing Authentication for Critical Function Vulnerability (CVE-2022-28660) CVE-2022-28660 CWE-306 CWE-306 Critical Grafana Missing Authorization Vulnerability (CVE-2023-2183) CVE-2023-2183 CWE-862 CWE-862 Medium Grafana Other Vulnerability (CVE-2021-28147) CVE-2021-28147 Medium Grafana Plugin Dir Traversal (CVE-2021-43798) CVE-2021-43798 CWE-200 CWE-200 High Grafana Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-13379) CVE-2020-13379 CWE-918 CWE-918 High Grafana Signature Verification Vulnerability (CVE-2020-27846) CVE-2020-27846 Critical Grafana Snapshot Authentication Bypass (CVE-2021-39226) CVE-2021-39226 CWE-287 CWE-287 High Grafana URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-29170) CVE-2022-29170 CWE-601 CWE-601 High Grails database console CWE-200 CWE-200 Medium Grandnode Path Traversal (CVE-2019-12276) CVE-2019-12276 CWE-22 CWE-22 High GraphiQL Explorer/Playground Enabled CWE-200 CWE-200 Medium GraphQL Alias Overloading Allowed: Potential Denial of Service Vulnerability CWE-400 CWE-400 Medium GraphQL Array-based Query Batching Allowed: Potential Batching Attack Vulnerability CWE-770 CWE-770 Medium GraphQL Circular-Query via Introspection Allowed: Potential DoS Vulnerability CWE-400 CWE-400 Medium GraphQL Field Suggestions Enabled CWE-200 CWE-200 Medium 1...38394041...303 39 / 303
