Exposure of Grafana

Category: Analytics
Exposure score: 70
Sites using it: 141
Exploited CVEs (flagged KEV): 2
Critical CVEs: 6
CVE listing: 57 results, of which the first 20 are shown (KEV entries first, then descending EPSS). Descriptions cut off on the page are marked with "...".

CVE-2021-39226  CRITICAL  EPSS 99.9%  KEV  Snapshot authentication bypass in Grafana
CVE-2021-43798  HIGH      EPSS 88.8%  KEV  Grafana path traversal
CVE-2024-9264   CRITICAL  EPSS 97.8%       Grafana SQL Expressions allow for remote code execution
CVE-2025-4123   HIGH      EPSS 94.7%       A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows atta...
CVE-2021-41174  MEDIUM    EPSS 84.6%       XSS vulnerability allowing arbitrary JavaScript execution
CVE-2022-31097  HIGH      EPSS 68.6%       Stored XSS in Grafana's Unified Alerting
CVE-2021-43813  MEDIUM    EPSS 58.0%       Directory traversal in Grafana
CVE-2025-6023   HIGH      EPSS 37.6%       An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introd...
CVE-2023-0507   HIGH      EPSS 17.4%       Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch, Grafana had a stored XSS vulnerability ...
CVE-2025-2703   MEDIUM    EPSS 10.6%       The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in or...
CVE-2023-0594   HIGH      EPSS 9.2%        Grafana is an open-source platform for monitoring and observability. Starting with the 7.0 branch, Grafana had a stored XSS vulnerability ...
CVE-2023-3128   CRITICAL  EPSS 4.1%        Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily mod...
CVE-2025-6197   MEDIUM    EPSS 3.7%        An open redirect vulnerability has been identified in Grafana OSS organization switching functionality. Prerequisites for exploitation: - ...
CVE-2021-41244  CRITICAL  EPSS 2.8%        Cross-organization admin control in Grafana
CVE-2022-21702  MEDIUM    EPSS 2.4%        Cross-site scripting in Grafana proxy
CVE-2022-21703  MEDIUM    EPSS 2.3%        Cross-site request forgery in Grafana
CVE-2022-24812  HIGH      EPSS 2.2%        FGAC API key privilege escalation in Grafana
CVE-2022-31107  HIGH      EPSS 2.0%        Grafana account takeover via OAuth vulnerability
CVE-2022-21673  MEDIUM    EPSS 2.0%        OAuth identity token exposure in Grafana
CVE-2021-43815  MEDIUM    EPSS 1.8%        Grafana directory traversal for `.csv` files
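The listing mixes three signals that pull in different directions: CVSS severity, EPSS probability, and CISA KEV membership. Note that the two KEV entries are from 2021 and that CVE-2021-43798 has a lower EPSS than the non-KEV CVE-2024-9264, so sorting by EPSS or by severity alone puts a vulnerability with confirmed in-the-wild exploitation below one without. The following is an added example (not TrueHacking's code) that ranks and buckets the CVEs transcribed from the table above with a KEV-first policy, and parses the unauthenticated Grafana `/api/health` response that exposure scanners use to fingerprint instances. The tier thresholds and the `Cve` data class are assumptions of this example; EPSS values change daily and should be refreshed from FIRST before use.

```python
"""Triage of the Grafana CVEs listed on this page (added example, not
TrueHacking's code). Rows are transcribed from the table above; the
ordering policy (KEV first, then EPSS, then severity) and the tier
thresholds are this example's assumptions, not the page's."""
import json
from dataclasses import dataclass

SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1}


@dataclass(frozen=True)
class Cve:
    cve_id: str
    severity: str
    epss: float   # EPSS probability in [0, 1]
    kev: bool     # listed in the CISA Known Exploited Vulnerabilities catalog
    summary: str


# Transcribed from the listing on this page (20 of the 57 results shown).
GRAFANA_CVES = [
    Cve("CVE-2021-39226", "CRITICAL", 0.999, True,  "Snapshot authentication bypass"),
    Cve("CVE-2021-43798", "HIGH",     0.888, True,  "Path traversal"),
    Cve("CVE-2024-9264",  "CRITICAL", 0.978, False, "SQL Expressions remote code execution"),
    Cve("CVE-2025-4123",  "HIGH",     0.947, False, "XSS via client path traversal and open redirect"),
    Cve("CVE-2021-41174", "MEDIUM",   0.846, False, "XSS allowing arbitrary JavaScript execution"),
    Cve("CVE-2022-31097", "HIGH",     0.686, False, "Stored XSS in Unified Alerting"),
    Cve("CVE-2021-43813", "MEDIUM",   0.580, False, "Directory traversal"),
    Cve("CVE-2025-6023",  "HIGH",     0.376, False, "Open redirect leading to XSS"),
    Cve("CVE-2023-0507",  "HIGH",     0.174, False, "Stored XSS (8.1 branch onward)"),
    Cve("CVE-2025-2703",  "MEDIUM",   0.106, False, "DOM XSS in the XY Chart plugin"),
    Cve("CVE-2023-0594",  "HIGH",     0.092, False, "Stored XSS (7.0 branch onward)"),
    Cve("CVE-2023-3128",  "CRITICAL", 0.041, False, "Azure AD email-claim account takeover"),
    Cve("CVE-2025-6197",  "MEDIUM",   0.037, False, "Open redirect in organization switching"),
    Cve("CVE-2021-41244", "CRITICAL", 0.028, False, "Cross-organization admin control"),
    Cve("CVE-2022-21702", "MEDIUM",   0.024, False, "XSS in Grafana proxy"),
    Cve("CVE-2022-21703", "MEDIUM",   0.023, False, "Cross-site request forgery"),
    Cve("CVE-2022-24812", "HIGH",     0.022, False, "FGAC API key privilege escalation"),
    Cve("CVE-2022-31107", "HIGH",     0.020, False, "Account takeover via OAuth"),
    Cve("CVE-2022-21673", "MEDIUM",   0.020, False, "OAuth identity token exposure"),
    Cve("CVE-2021-43815", "MEDIUM",   0.018, False, "Directory traversal for .csv files"),
]


def triage_key(cve):
    """Sort key: KEV membership dominates, then EPSS, then CVSS severity."""
    return (cve.kev, cve.epss, SEVERITY_RANK.get(cve.severity, 0))


def rank(cves):
    """CVE ids in patch-queue order, most urgent first."""
    return [c.cve_id for c in sorted(cves, key=triage_key, reverse=True)]


def tier(cve, epss_threshold=0.5):
    """Bucket a CVE (thresholds are an assumption of this example):
    'immediate' if exploited in the wild or EPSS >= threshold,
    'scheduled' for the remaining CRITICAL/HIGH entries, 'track' otherwise."""
    if cve.kev or cve.epss >= epss_threshold:
        return "immediate"
    if SEVERITY_RANK.get(cve.severity, 0) >= SEVERITY_RANK["HIGH"]:
        return "scheduled"
    return "track"


def tier_counts(cves, epss_threshold=0.5):
    """How many CVEs land in each tier; useful as a planning summary."""
    counts = {"immediate": 0, "scheduled": 0, "track": 0}
    for c in cves:
        counts[tier(c, epss_threshold)] += 1
    return counts


def grafana_version_from_health(body):
    """Extract the version from a Grafana GET /api/health response body,
    which Grafana serves without authentication, for example
    {"commit": "...", "database": "ok", "version": "8.3.0"}.
    Returns None when the body is not a Grafana health document or
    the version field is absent."""
    try:
        doc = json.loads(body)
    except ValueError:
        return None
    if not isinstance(doc, dict) or "database" not in doc:
        return None
    return doc.get("version")


if __name__ == "__main__":
    for c in sorted(GRAFANA_CVES, key=triage_key, reverse=True):
        flag = "KEV" if c.kev else "   "
        print(f"{tier(c):9} {c.cve_id:15} {c.severity:8} EPSS {c.epss:6.1%} {flag} {c.summary}")
    print(tier_counts(GRAFANA_CVES))
```

The health endpoint is the cheapest way to confirm which Grafana versions actually run in your estate before mapping them against this list; if an instance is reachable from the internet and answers `/api/health`, it is exactly the kind of host the "sites use" counter above is built from, and Grafana's `hide_version` setting can be used to suppress the version field for unauthenticated callers.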