Grafana Grafana Enterprise
14 CVEs affecting Grafana Grafana Enterprise. Latest disclosed: 2025-11-21. Critical: 2, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-41115 | Critical | 10.0 | 2025-11-21 | SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing… |
| CVE-2023-3128 | Critical | 9.4 | 2023-06-22 | Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads… |
| CVE-2023-2801 | High | 7.5 | 2023-06-06 | Grafana is an open-source platform for monitoring and observability. Using public dashboards users can query multiple distinct data sources using mixed queri… |
| CVE-2023-0594 | High | 7.3 | 2023-03-01 | Grafana is an open-source platform for monitoring and observability. Starting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view v… |
| CVE-2023-0507 | High | 7.3 | 2023-03-01 | Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch, Grafana had a stored XSS vulnerability affecting the core… |
| CVE-2025-2703 | Medium | 6.8 | 2025-04-23 | The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it exec… |
| CVE-2023-4822 | Medium | 6.7 | 2023-10-16 | Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user… |
| CVE-2023-4399 | Medium | 6.6 | 2023-10-17 | Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, Request security is a deny list that allows admins to configure G… |
| CVE-2023-1410 | Medium | 6.2 | 2023-03-23 | Grafana is an open-source platform for monitoring and observability. Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. Th… |
| CVE-2023-6152 | Medium | 5.4 | 2024-02-13 | A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_e… |
| CVE-2025-3454 | Medium | 5.0 | 2025-06-02 | This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with… |
| CVE-2024-6322 | Medium | 4.4 | 2024-08-20 | Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associat… |
| CVE-2023-1387 | Medium | 4.2 | 2023-04-26 | Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the… |
| CVE-2023-2183 | Medium | 4.1 | 2023-06-06 | Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel UI for users having… |