Grafana Security Vulnerabilities (CVEs)

Track 22 security vulnerabilities affecting Grafana products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

7 Critical
14 High
1 Medium
CVE-2026-21722 5.3

This vulnerability in Grafana allows attackers to view annotation data outside the locked timerange on public dashboards with annotations enabled. Org...

Feb 12, 2026
CVE-2026-21720 7.5

This vulnerability in Grafana allows attackers to cause denial of service by exhausting system memory through uncontrolled goroutine creation. Attacke...

Jan 27, 2026
CVE-2025-41115 10.0

A critical vulnerability in Grafana's SCIM provisioning allows malicious SCIM clients to provision users with numeric external IDs, potentially overri...

Nov 21, 2025
CVE-2025-4123 7.6

This CVE describes a cross-site scripting (XSS) vulnerability in Grafana that combines client path traversal with open redirect. Attackers can redirec...

May 22, 2025
CVE-2024-8975 7.3

This vulnerability allows local Windows users to escalate privileges to SYSTEM by exploiting an unquoted search path in Grafana Alloy. It affects Wind...

Sep 25, 2024
CVE-2023-5123 8.0

The JSON datasource plugin for Grafana has a path traversal vulnerability that allows authenticated users to query arbitrary endpoints on the configur...

Feb 14, 2024
CVE-2023-3128 9.4

This vulnerability allows attackers to bypass authentication and take over Grafana accounts when Azure AD OAuth is configured with multi-tenant applic...

Jun 22, 2023
CVE-2023-2801 7.5

This vulnerability in Grafana allows attackers to crash instances by exploiting mixed queries in public dashboards or directly through the query API. ...

Jun 6, 2023
CVE-2023-0594 7.3

Grafana has a stored cross-site scripting (XSS) vulnerability in the trace view visualization that allows attackers with Editor role to inject malicio...

Mar 1, 2023
CVE-2022-23498 7.1

Grafana's datasource query caching feature inadvertently caches session headers, allowing authenticated users to potentially acquire other users' sess...

Feb 3, 2023
CVE-2022-31107 7.1

This vulnerability allows an authenticated malicious user to take over another user's Grafana account via OAuth login manipulation. It affects Grafana...

Jul 15, 2022
CVE-2022-31097 7.3

Grafana versions 8.x and 9.x before specific patched releases are vulnerable to stored cross-site scripting (XSS) in the Unified Alerting feature. An ...

Jul 15, 2022
CVE-2022-32276 7.5

CVE-2022-32276 allows unauthenticated access to Grafana dashboard snapshots via specific URLs, bypassing authentication requirements. This affects Gra...

Jun 17, 2022
CVE-2022-28660 9.8

This vulnerability allows unauthenticated access to Grafana Enterprise Logs querier component when X-Scope-OrgID header is used, bypassing authenticat...

May 20, 2022
CVE-2022-24812 8.0

This vulnerability in Grafana Enterprise allows privilege escalation when fine-grained access control is enabled. An attacker can use a lower-privileg...

Apr 12, 2022
CVE-2022-26148 9.8

This vulnerability exposes Zabbix account passwords in Grafana's HTML source code when integrated with Zabbix. Attackers can discover credentials by v...

Mar 21, 2022
CVE-2021-43798 7.5

CVE-2021-43798 is a directory traversal vulnerability in Grafana that allows attackers to read arbitrary files on the server by exploiting a flaw in t...

Dec 7, 2021
CVE-2021-41244 9.1

This vulnerability in Grafana allows organization administrators to access and modify users in other organizations when fine-grained access control is...

Nov 15, 2021
CVE-2021-39226 9.8

This vulnerability in Grafana allows unauthenticated or authenticated users to view and delete the snapshot with the lowest database key via specific ...

Oct 5, 2021
CVE-2021-28148 7.5

This vulnerability allows unauthenticated attackers to send unlimited requests to a specific Grafana Enterprise API endpoint, causing denial of servic...

Mar 22, 2021
CVE-2021-27358 7.5

This vulnerability in Grafana's snapshot feature allows unauthenticated remote attackers to trigger a Denial of Service via API calls when a commonly ...

Mar 18, 2021
CVE-2020-27846 9.8

CVE-2020-27846 is a signature verification vulnerability in the crewjam/saml library that allows attackers to bypass SAML authentication. This affects...

Dec 21, 2020

Why Monitor Grafana Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 22+ known vulnerabilities affecting Grafana products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Grafana packages in under 60 seconds. No agents required - completely agentless scanning that works across Grafana deployments.

Free vulnerability database: Access detailed information about every Grafana CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register free account & add your servers
  • Run one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new Grafana CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions