Grafana Enterprise Vulnerabilities: CVEs, CISA KEV & Security Advisories

Severity and exploitation

How the CVSS severity of Grafana Enterprise's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical2

High3

Medium9

Low0

In CISA’s Known Exploited Vulnerabilities catalog

None of Grafana Enterprise's CVEs are currently listed in CISA's KEV catalog.

Public exploits

5 of Grafana Enterprise's CVEs have a known public exploit available.

Affected versions and CVEs

Browse every Grafana Enterprise version named in a CVE, then pick one to see only the CVEs that affect it.

Fixed in

11.2.8+security-012 CVEs
11.3.5+security-012 CVEs
11.4.3+security-012 CVEs
11.5.3+security-012 CVEs
11.6.0+security-012 CVEs
8.5.212 CVEs
9.2.132 CVEs
9.3.82 CVEs
9.4.122 CVEs
9.5.32 CVEs
10.0.111 CVE
10.0.71 CVE
10.0.91 CVE
10.1.31 CVE
10.1.51 CVE
10.1.71 CVE
10.2.41 CVE
10.3.31 CVE
10.4.17+security-011 CVE
11.1.11 CVE
11.1.31 CVE
12.2.11 CVE
8.5.221 CVE
8.5.261 CVE
8.5.271 CVE
9.2.151 CVE
9.2.171 CVE
9.2.191 CVE
9.2.201 CVE
9.3.111 CVE
9.3.131 CVE
9.3.151 CVE
9.3.161 CVE
9.4.131 CVE
9.4.161 CVE
9.4.171 CVE
9.5.01 CVE
9.5.111 CVE
9.5.131 CVE
9.5.161 CVE
9.5.41 CVE

Find a version

14 CVEs

Sort

Incorrect privilege assignment
CVE-2025-41115
Patch
CWE-266
Critical · CVSS 10.0
EPSS 0.1% (18th pct)2025-11-21
Medium vulnerability · 2025-06-02
CVE-2025-3454
Patch
CWE-285
Medium · CVSS 5.0
EPSS 0.0% (10th pct)2025-06-02
Medium vulnerability · 2025-04-23
CVE-2025-2703
Patch
CWE-79
Medium · CVSS 6.8
EPSS 0.0% (13th pct)2025-04-23
Medium vulnerability · 2024-08-20
CVE-2024-6322
Patch
CWE-266
Medium · CVSS 4.4
EPSS 0.0% (10th pct)2024-08-20
Medium vulnerability · 2024-02-13
CVE-2023-6152
Public exploit
Patch
CWE-863
Medium · CVSS 5.4
EPSS 0.2% (45th pct)2024-02-13
Medium vulnerability · 2023-10-17
CVE-2023-4399
Patch
CWE-183
Medium · CVSS 6.6
EPSS 0.1% (16th pct)2023-10-17
Medium vulnerability · 2023-10-16
CVE-2023-4822
Patch
CWE-269
Medium · CVSS 6.7
EPSS 0.3% (52th pct)2023-10-16
Critical vulnerability · 2023-06-22
CVE-2023-3128
Public exploit
Patch
CWE-290
Critical · CVSS 9.4
EPSS 1.9% (84th pct)2023-06-22
Medium vulnerability · 2023-06-06
CVE-2023-2183
Public exploit
Patch
CWE-284
Medium · CVSS 4.1
EPSS 0.9% (76th pct)2023-06-06
High vulnerability · 2023-06-06
CVE-2023-2801
Patch
CWE-820
High · CVSS 7.5
EPSS 0.9% (76th pct)2023-06-06
Medium vulnerability · 2023-04-26
CVE-2023-1387
Public exploit
Patch
CWE-200
Medium · CVSS 4.2
EPSS 0.3% (53th pct)2023-04-26
Stored XSS in Graphite FunctionDescription tooltip
CVE-2023-1410
Public exploit
Patch
CWE-79
Medium · CVSS 6.2
EPSS 2.0% (84th pct)2023-03-23
High vulnerability · 2023-03-01
CVE-2023-0594
Patch
CWE-79
High · CVSS 7.3
EPSS 36.6% (97th pct)2023-03-01
High vulnerability · 2023-03-01
CVE-2023-0507
Patch
CWE-79
High · CVSS 7.3
EPSS 60.6% (98th pct)2023-03-01

Severity and exploitation

Grafana Enterprise Vulnerabilities

Overview

Severity and exploitation

Affected versions and CVEs

Fixed in

Common weakness types

Disclosure activity by year

Other grafana products

Frequently asked questions

How many CVEs does grafana Grafana Enterprise have?

How many grafana Grafana Enterprise CVEs are in CISA KEV?

Are there public exploits for grafana Grafana Enterprise vulnerabilities?

Which versions of grafana Grafana Enterprise are affected?

What are the most common weakness types in grafana Grafana Enterprise CVEs?

How many critical grafana Grafana Enterprise vulnerabilities are there?

What is the average severity of grafana Grafana Enterprise CVEs?

References

Track Grafana Enterprise vulnerabilities