depscope
Packages
IntegrateAPI DocsCuratorBenchmarkCoverage
Sign inGet API access

Related on DepScope

Breaking changes
49 recorded changes →
Known bugs
94 non-CVE bugs →
More
  • All Go packages →
  • Breaking changes index →
  • Bug index →
  • AI hallucination corpus →
depscope/go/github.com/grafana/grafana

github.com/grafana/grafana

govv5.4.5+incompatible

The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.

License Apache-2.0permissive140 versions3005 maintainers0 deps73,449 weekly dl
grafana/grafana
30
/ 100
Health
do not use

github.com/grafana/grafana has critical vulnerabilities — do not use

Update to >= 0.0.0-20250521211231-e0ba4b480954 to fix known vulnerabilities

  • Low health score (30/100)
  • 10 high severity vulnerabilities
  • 2 critical vulnerabilities
Health breakdown0 – 100
0/25
maintenance
10/20
popularity
0/25
security
15/15
maturity
5/15
community
Vulnerabilities
70
2 critical10 high23 medium35 low
Advisories (70)
SeverityIDSummaryFixed in
mediumBIT-grafana-2023-6152Email Validation Bypass And Preventing Sign Up From Email's Owner10.3.3
highBIT-grafana-2020-12458Grafana information disclosure7.2.1
highBIT-grafana-2022-39307Grafana User enumeration via forget password8.5.15
highBIT-grafana-2025-3260Grafana vulnerable to authenticated users bypassing dashboard, folder permissions0.0.0-20250521183405-c7a690348df7
mediumBIT-grafana-2026-27877Grafana public dashboards disclose all direct mode datasources1.9.2-0.20260325055210-3522153e07b4
mediumBIT-grafana-2025-3415Grafana's insecure DingDing Alert integration exposes sensitive information1.9.2-0.20250514160932-04111e9f2afd
mediumBIT-grafana-2022-39324Grafana Spoofing originalUrl of snapshots8.5.16
mediumCVE-2019-19499Grafana Arbitrary File Read6.4.4
mediumBIT-grafana-2022-21713Grafana API IDOR8.3.5
lowBIT-grafana-2024-10452Grafana org admin can delete pending invites in different org—
highBIT-grafana-2021-39226Authentication bypass for viewing and deletions of snapshots8.1.6
mediumCVE-2018-18625Grafana XSS via adding a link in General feature6.0.0-beta1
mediumBIT-grafana-2026-21724Grafana OSS: Authorization bypass allows users with Editor role to modify protected webhook URLs without permissions1.9.2-0.20260323180334-daffe750de85
mediumBIT-grafana-2020-13430Grafana XSS via the OpenTSDB datasource7.0.0
mediumCVE-2019-13068Grafana Cross-site Scripting vulnerability6.2.5
mediumCVE-2018-18624Grafana XSS via a column style7.0.0
mediumBIT-grafana-2025-3454Grafana's datasource proxy API allows authorization checks to be bypassed0.0.0-20250424191517-1f707d16ed5d
mediumBIT-grafana-2020-12245Grafana XSS in header column rename6.7.3
mediumCVE-2018-18623Grafana XSS in Dashboard Text Panel6.0.0-beta1
lowBIT-grafana-2025-1088Grafana long dashboard title or panel name causes unresponsives0.0.0-20250521211231-e0ba4b480954
... and 50 more
Maintainer trust
Active maintainers (3m)
49
Contributors (12m)
49
Primary author dominance
11%
GitHub stars
73,394

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/go/github.com/grafana/grafana

Last updated · 2019-08-19T14:38:14Z

DepScope

Package intelligence for AI agents. 19 ecosystems.

Resources
API DocumentationHallucination BenchmarkFor EnterpriseSwagger / OpenAPIPopular PackagesCoverageAI Plugin SetupWatch the pitch (60s)
Legal
Legal hubPrivacy PolicyTerms of ServiceCookie PolicyAcceptable UseAttributionDPASub-processorsSecurityImprintContact中文
© 2026 Cuttalo srl — Italy · VAT IT03242390734Built for AI agents