cpe:2.3:a:grafana:grafana:12.3.2:-:*:*:*:*:*:*
part: a version: 12.3.2 update: -
| Vendor | Grafana (7564912d-bb81-50cf-9eb9-f573ac2fa519) |
|---|---|
| Product | Grafana (6e4f3e11-70ef-54b3-88d6-f64136c9d5f2) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:docker/grafana/grafana | purl2cpe | 2026-06-01 10:14:45.508487 |
| pkg:github/grafana/grafana | purl2cpe | 2026-06-01 10:14:45.508489 |
| pkg:rpm/fedora/grafana | purl2cpe | 2026-06-01 10:14:45.508491 |
| pkg:rpm/opensuse/grafana | purl2cpe | 2026-06-01 10:14:45.508492 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2026-21722 | vulnerable | 2026-06-03 15:15:51.531750 | Public Dashboards time range restriction on annotations can be bypassed<br>MEDIUM (5.3)<br>Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific dashboard, even those outside the locked timerange. This did not leak any annotations that would not otherwise be visible on the public dashboard.<br>Published: 2026-02-12T08:49:05.678Z<br>Updated: 2026-05-13T19:28:33.822Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-41117 | vulnerable | 2026-06-03 15:01:14.540286 | XSS in Grafana Explore stack trace<br>MEDIUM (6.8)<br>Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API appear to be affected; Jaeger gRPC and Tempo do not appear affected whatsoever.<br>Published: 2026-02-12T08:49:08.545Z<br>Updated: 2026-05-13T19:28:45.157Z | Imported from gcve-enriched-dumps CVE data |