Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Api Bfla Api Bola Api Broken Auth Api Broken Object Prop Auth Api Dos Api Improper Inventory Management Api Misconfiguration Api Ssrf Arbitrary File Creation Arbitrary File Read Authentication Bypass BOLA Bruteforce Possible Buffer Overflow CSRF CSTI Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial Of Service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilities LLM Ldap Injection Llm Excessive Agency Llm Insecure Output Handling Llm Prompt Injection Llm Prompt Leakage Llm Sensitive Information Disclosure Malware Missing Update Privilege Escalation SSRF Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity Grafana Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-43798) CVE-2021-43798 CWE-22 CWE-22 High Grafana Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-43813) CVE-2021-43813 CWE-22 CWE-22 Medium Grafana Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-43815) CVE-2021-43815 CWE-22 CWE-22 Medium Grafana Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-32275) CVE-2022-32275 CWE-22 CWE-22 High Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-12099) CVE-2018-12099 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-18623) CVE-2018-18623 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-18624) CVE-2018-18624 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-18625) CVE-2018-18625 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1000816) CVE-2018-1000816 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-13068) CVE-2019-13068 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-11110) CVE-2020-11110 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-12052) CVE-2020-12052 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-12245) CVE-2020-12245 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13430) CVE-2020-13430 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-24303) CVE-2020-24303 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41174) CVE-2021-41174 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-21702) CVE-2022-21702 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-23552) CVE-2022-23552 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-31097) CVE-2022-31097 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-39324) CVE-2022-39324 CWE-707 CWE-707 Low Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-0507) CVE-2023-0507 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-0594) CVE-2023-0594 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-1410) CVE-2023-1410 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-22462) CVE-2023-22462 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-41117) CVE-2025-41117 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2024-9264) CVE-2024-9264 CWE-138 CWE-138 High Grafana Improper Preservation of Permissions Vulnerability (CVE-2022-36062) CVE-2022-36062 CWE-281 CWE-281 Low Grafana Improper Synchronization Vulnerability (CVE-2023-2801) CVE-2023-2801 CWE-662 CWE-662 Medium Grafana Improper Verification of Cryptographic Signature Vulnerability (CVE-2022-31123) CVE-2022-31123 CWE-347 CWE-347 High Grafana Incorrect Authorization Vulnerability (CVE-2021-28146) CVE-2021-28146 CWE-863 CWE-863 Medium Grafana Incorrect Authorization Vulnerability (CVE-2022-21713) CVE-2022-21713 CWE-863 CWE-863 Medium Grafana Incorrect Authorization Vulnerability (CVE-2022-31107) CVE-2022-31107 CWE-863 CWE-863 High Grafana Incorrect Authorization Vulnerability (CVE-2023-6152) CVE-2023-6152 CWE-863 CWE-863 Medium Grafana Incorrect Authorization Vulnerability (CVE-2026-21721) CVE-2026-21721 CWE-863 CWE-863 High Grafana Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-27962) CVE-2021-27962 CWE-732 CWE-732 High Grafana Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2026-21727) CVE-2026-21727 CWE-732 CWE-732 Low Grafana Incorrect Privilege Assignment Vulnerability (CVE-2025-41115) CVE-2025-41115 CWE-266 CWE-266 Critical Grafana Insufficiently Protected Credentials Vulnerability (CVE-2019-15635) CVE-2019-15635 CWE-522 CWE-522 Medium Grafana Insufficiently Protected Credentials Vulnerability (CVE-2022-31130) CVE-2022-31130 CWE-522 CWE-522 High Grafana Missing Authentication for Critical Function Vulnerability (CVE-2019-15043) CVE-2019-15043 CWE-306 CWE-306 High Grafana Missing Authentication for Critical Function Vulnerability (CVE-2022-28660) CVE-2022-28660 CWE-306 CWE-306 Critical Grafana Missing Authorization Vulnerability (CVE-2023-2183) CVE-2023-2183 CWE-862 CWE-862 Medium Grafana Open Redirect (CVE-2025-4123) CVE-2025-4123 CWE-601 CWE-601 High Grafana Other Vulnerability (CVE-2021-28147) CVE-2021-28147 Medium Grafana Out-of-bounds Write Vulnerability (CVE-2026-27879) CVE-2026-27879 CWE-787 CWE-787 Medium Grafana Out-of-bounds Write Vulnerability (CVE-2026-27880) CVE-2026-27880 CWE-787 CWE-787 High Grafana Plugin Dir Traversal (CVE-2021-43798) CVE-2021-43798 CWE-200 CWE-200 High Grafana Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-13379) CVE-2020-13379 CWE-918 CWE-918 High Grafana Signature Verification Vulnerability (CVE-2020-27846) CVE-2020-27846 Critical Grafana Snapshot Authentication Bypass (CVE-2021-39226) CVE-2021-39226 CWE-287 CWE-287 High Grafana Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2026-21725) CVE-2026-21725 CWE-367 CWE-367 Low Grafana Uncontrolled Resource Consumption Vulnerability (CVE-2026-21720) CVE-2026-21720 CWE-400 CWE-400 High Grafana Uncontrolled Resource Consumption Vulnerability (CVE-2026-28375) CVE-2026-28375 CWE-400 CWE-400 Medium Grafana Uncontrolled Resource Consumption Vulnerability (CVE-2026-33375) CVE-2026-33375 CWE-400 CWE-400 Medium Grafana Uncontrolled Resource Consumption Vulnerability (CVE-2026-33378) CVE-2026-33378 CWE-400 CWE-400 Medium Grafana URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-29170) CVE-2022-29170 CWE-601 CWE-601 High Grails database console CWE-200 CWE-200 Medium Grandnode Path Traversal (CVE-2019-12276) CVE-2019-12276 CWE-22 CWE-22 High GraphiQL Explorer/Playground Enabled CWE-200 CWE-200 Medium GraphQL Alias Overloading Allowed: Potential Denial of Service Vulnerability CWE-400 CWE-400 Medium GraphQL Array-based Query Batching Allowed: Potential Batching Attack Vulnerability CWE-770 CWE-770 Medium GraphQL Circular-Query via Introspection Allowed: Potential DoS Vulnerability CWE-400 CWE-400 Medium GraphQL Field Suggestions Enabled CWE-200 CWE-200 Medium GraphQL Introspection Query Enabled CWE-200 CWE-200 Medium GraphQL Non-JSON Mutations over GET: Potential CSRF Vulnerability CWE-352 CWE-352 Medium GraphQL Non-JSON Queries over GET: Potential CSRF Vulnerability CWE-352 CWE-352 Medium GraphQL Non-JSON Queries over POST: Potential CSRF Vulnerability CWE-352 CWE-352 Medium GraphQL Unauthenticated Mutation Detected CWE-306 CWE-306 Medium GraphQL Unhandled Error Leakage CWE-209 CWE-209 Medium Grav CMS Unauthenticated RCE (CVE-2021-21425) CVE-2021-21425 CWE-284 CWE-284 High GSAP CVE-2020-28478 Vulnerability (CVE-2020-28478) CVE-2020-28478 High Gunicorn Improper Neutralization of CRLF Sequences ('CRLF Injection') Vulnerability (CVE-2018-1000164) CVE-2018-1000164 CWE-707 CWE-707 High H2 console publicly accessible CWE-287 CWE-287 Low Hadoop cluster web interface CWE-200 CWE-200 Medium Hadoop YARN ResourceManager publicly accessible CWE-200 CWE-200 High 1...44454647...327 45 / 327
