Max CVSS 6.8 Min CVSS 4.3 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2020-13379 6.4
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can b
29-01-2021 - 16:41 03-06-2020 - 19:15
CVE-2020-7662 5.0
websocket-extensions npm module prior to 0.1.4 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-by
23-12-2020 - 18:22 02-06-2020 - 19:15
CVE-2020-12245 4.3
Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip.
10-10-2020 - 18:15 24-04-2020 - 21:15
CVE-2019-11253 5.0
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CP
02-10-2020 - 17:11 17-10-2019 - 16:15
CVE-2020-7660 6.8
serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js".
08-06-2020 - 16:35 01-06-2020 - 15:15
CVE-2020-13430 4.3
Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource.
28-05-2020 - 13:15 24-05-2020 - 18:15
CVE-2020-12052 4.3
Grafana version < 6.7.3 is vulnerable for annotation popup XSS.
11-05-2020 - 10:15 27-04-2020 - 13:15
Back to Top Mark selected
Back to Top