[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2018-15727":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":660,"aliases":676,"duplicate_of":9,"upstream":679,"downstream":680,"duplicates":693,"related":696,"reserved_at":9,"published_at":700,"modified_at":701,"state":702,"summary":703,"references_raw":710,"kevs":763,"epss":764,"epss_history":767,"metrics":989,"affected":1000},"CVE-2018-15727","Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid \"remember me\" cookie knowing only a username of an LDAP or OAuth user.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-287","Improper Authentication","When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.","weakness","Draft","Class","High",[20,182,261,265,269,273,292,481,543,627],{"id":21,"name":22,"techniques":23},"CAPEC-114","Authentication Abuse",[24],{"id":25,"name":26,"tactics":27,"countermeasures":34},"T1548","Abuse Elevation Control Mechanism",[28,31],{"id":29,"name":30},"TA0030","Defense Evasion",{"id":32,"name":33},"TA0111","Privilege Escalation",[35,40,44,48,52,57,61,65,69,73,77,81,85,89,94,98,103,108,112,116,120,125,129,133,137,141,146,150,154,158,162,166,170,174,178],{"id":36,"name":37,"tactic":38},"D3-CI","Configuration Inventory",{"name":39},"Model",{"id":41,"name":42,"tactic":43},"D3-AM","Access Modeling",{"name":39},{"id":45,"name":46,"tactic":47},"D3-DI","Data Inventory",{"name":39},{"id":49,"name":50,"tactic":51},"D3-NTPM","Network Traffic Policy Mapping",{"name":39},{"id":53,"name":54,"tactic":55},"D3-AEM","Application Exception Monitoring",{"name":56},"Detect",{"id":58,"name":59,"tactic":60},"D3-SCA","System Call Analysis",{"name":56},{"id":62,"name":63,"tactic":64},"D3-SFA","System File Analysis",{"name":56},{"id":66,"name":67,"tactic":68},"D3-FA","File Analysis",{"name":56},{"id":70,"name":71,"tactic":72},"D3-FIM","File Integrity Monitoring",{"name":56},{"id":74,"name":75,"tactic":76},"D3-OPM","Operational Process Monitoring",{"name":56},{"id":78,"name":79,"tactic":80},"D3-DA","Dynamic Analysis",{"name":56},{"id":82,"name":83,"tactic":84},"D3-EFA","Emulated File Analysis",{"name":56},{"id":86,"name":87,"tactic":88},"D3-PSA","Process Spawn Analysis",{"name":56},{"id":90,"name":91,"tactic":92},"D3-FEV","File Eviction",{"name":93},"Evict",{"id":95,"name":96,"tactic":97},"D3-AL","Account Locking",{"name":93},{"id":99,"name":100,"tactic":101},"D3-DF","Decoy File",{"name":102},"Deceive",{"id":104,"name":105,"tactic":106},"D3-FE","File Encryption",{"name":107},"Harden",{"id":109,"name":110,"tactic":111},"D3-AA","Agent Authentication",{"name":107},{"id":113,"name":114,"tactic":115},"D3-CDP","Change Default Password",{"name":107},{"id":117,"name":118,"tactic":119},"D3-SCP","System Configuration Permissions",{"name":107},{"id":121,"name":122,"tactic":123},"D3-RC","Restore Configuration",{"name":124},"Restore",{"id":126,"name":127,"tactic":128},"D3-RF","Restore File",{"name":124},{"id":130,"name":131,"tactic":132},"D3-ULA","Unlock Account",{"name":124},{"id":134,"name":135,"tactic":136},"D3-RUAA","Restore User Account Access",{"name":124},{"id":138,"name":139,"tactic":140},"D3-RD","Restore Database",{"name":124},{"id":142,"name":143,"tactic":144},"D3-SCF","System Call Filtering",{"name":145},"Isolate",{"id":147,"name":148,"tactic":149},"D3-CF","Content Filtering",{"name":145},{"id":151,"name":152,"tactic":153},"D3-LFP","Local File Permissions",{"name":145},{"id":155,"name":156,"tactic":157},"D3-RFAM","Remote File Access Mediation",{"name":145},{"id":159,"name":160,"tactic":161},"D3-CQ","Content Quarantine",{"name":145},{"id":163,"name":164,"tactic":165},"D3-CM","Content Modification",{"name":145},{"id":167,"name":168,"tactic":169},"D3-UAP","User Account Permissions",{"name":145},{"id":171,"name":172,"tactic":173},"D3-EAL","Executable Allowlisting",{"name":145},{"id":175,"name":176,"tactic":177},"D3-EDL","Executable Denylisting",{"name":145},{"id":179,"name":180,"tactic":181},"D3-HBPI","Hardware-based Process Isolation",{"name":145},{"id":183,"name":184,"techniques":185},"CAPEC-115","Authentication Bypass",[186],{"id":25,"name":26,"tactics":187,"countermeasures":190},[188,189],{"id":29,"name":30},{"id":32,"name":33},[191,193,195,197,199,201,203,205,207,209,211,213,215,217,219,221,223,225,227,229,231,233,235,237,239,241,243,245,247,249,251,253,255,257,259],{"id":36,"name":37,"tactic":192},{"name":39},{"id":41,"name":42,"tactic":194},{"name":39},{"id":45,"name":46,"tactic":196},{"name":39},{"id":49,"name":50,"tactic":198},{"name":39},{"id":53,"name":54,"tactic":200},{"name":56},{"id":58,"name":59,"tactic":202},{"name":56},{"id":62,"name":63,"tactic":204},{"name":56},{"id":66,"name":67,"tactic":206},{"name":56},{"id":70,"name":71,"tactic":208},{"name":56},{"id":74,"name":75,"tactic":210},{"name":56},{"id":78,"name":79,"tactic":212},{"name":56},{"id":82,"name":83,"tactic":214},{"name":56},{"id":86,"name":87,"tactic":216},{"name":56},{"id":90,"name":91,"tactic":218},{"name":93},{"id":95,"name":96,"tactic":220},{"name":93},{"id":99,"name":100,"tactic":222},{"name":102},{"id":104,"name":105,"tactic":224},{"name":107},{"id":109,"name":110,"tactic":226},{"name":107},{"id":113,"name":114,"tactic":228},{"name":107},{"id":117,"name":118,"tactic":230},{"name":107},{"id":121,"name":122,"tactic":232},{"name":124},{"id":126,"name":127,"tactic":234},{"name":124},{"id":130,"name":131,"tactic":236},{"name":124},{"id":134,"name":135,"tactic":238},{"name":124},{"id":138,"name":139,"tactic":240},{"name":124},{"id":142,"name":143,"tactic":242},{"name":145},{"id":147,"name":148,"tactic":244},{"name":145},{"id":151,"name":152,"tactic":246},{"name":145},{"id":155,"name":156,"tactic":248},{"name":145},{"id":159,"name":160,"tactic":250},{"name":145},{"id":163,"name":164,"tactic":252},{"name":145},{"id":167,"name":168,"tactic":254},{"name":145},{"id":171,"name":172,"tactic":256},{"name":145},{"id":175,"name":176,"tactic":258},{"name":145},{"id":179,"name":180,"tactic":260},{"name":145},{"id":262,"name":263,"techniques":264},"CAPEC-151","Identity Spoofing",[],{"id":266,"name":267,"techniques":268},"CAPEC-194","Fake the Source of Data",[],{"id":270,"name":271,"techniques":272},"CAPEC-22","Exploiting Trust in Client",[],{"id":274,"name":275,"techniques":276},"CAPEC-57","Utilizing REST's Trust in the System Resource to Obtain Sensitive Data",[277],{"id":278,"name":279,"tactics":280,"countermeasures":287},"T1040","Network Sniffing",[281,284],{"id":282,"name":283},"TA0031","Credential Access",{"id":285,"name":286},"TA0102","Discovery",[288],{"id":289,"name":290,"tactic":291},"D3-DNSTA","DNS Traffic Analysis",{"name":56},{"id":293,"name":294,"techniques":295},"CAPEC-593","Session Hijacking",[296,340,453],{"id":297,"name":298,"tactics":299,"countermeasures":303},"T1185","Browser Session Hijacking",[300],{"id":301,"name":302},"TA0100","Collection",[304,308,312,316,320,324,328,332,336],{"id":305,"name":306,"tactic":307},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":56},{"id":309,"name":310,"tactic":311},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":56},{"id":313,"name":314,"tactic":315},"D3-CSPP","Client-server Payload Profiling",{"name":56},{"id":317,"name":318,"tactic":319},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":56},{"id":321,"name":322,"tactic":323},"D3-NTSA","Network Traffic Signature Analysis",{"name":56},{"id":325,"name":326,"tactic":327},"D3-APCA","Application Protocol Command Analysis",{"name":56},{"id":329,"name":330,"tactic":331},"D3-NTCD","Network Traffic Community Deviation",{"name":56},{"id":333,"name":334,"tactic":335},"D3-RTSD","Remote Terminal Session Detection",{"name":56},{"id":337,"name":338,"tactic":339},"D3-NTF","Network Traffic Filtering",{"name":145},{"id":341,"name":342,"tactics":343,"countermeasures":348},"T1550.001","Application Access Token",[344,345],{"id":29,"name":30},{"id":346,"name":347},"TA0109","Lateral Movement",[349,353,357,359,363,365,367,369,371,373,375,377,379,383,387,391,395,399,403,407,411,415,419,423,427,431,435,437,439,443,447,451],{"id":350,"name":351,"tactic":352},"D3-PLA","Process Lineage Analysis",{"name":56},{"id":354,"name":355,"tactic":356},"D3-PSMD","Process Self-Modification Detection",{"name":56},{"id":86,"name":87,"tactic":358},{"name":56},{"id":360,"name":361,"tactic":362},"D3-CCSA","Credential Compromise Scope Analysis",{"name":56},{"id":305,"name":306,"tactic":364},{"name":56},{"id":309,"name":310,"tactic":366},{"name":56},{"id":313,"name":314,"tactic":368},{"name":56},{"id":317,"name":318,"tactic":370},{"name":56},{"id":321,"name":322,"tactic":372},{"name":56},{"id":325,"name":326,"tactic":374},{"name":56},{"id":329,"name":330,"tactic":376},{"name":56},{"id":333,"name":334,"tactic":378},{"name":56},{"id":380,"name":381,"tactic":382},"D3-PT","Process Termination",{"name":93},{"id":384,"name":385,"tactic":386},"D3-PS","Process Suspension",{"name":93},{"id":388,"name":389,"tactic":390},"D3-HR","Host Reboot",{"name":93},{"id":392,"name":393,"tactic":394},"D3-HS","Host Shutdown",{"name":93},{"id":396,"name":397,"tactic":398},"D3-CR","Credential Revocation",{"name":93},{"id":400,"name":401,"tactic":402},"D3-ANCI","Authentication Cache Invalidation",{"name":93},{"id":404,"name":405,"tactic":406},"D3-DUC","Decoy User Credential",{"name":102},{"id":408,"name":409,"tactic":410},"D3-CH","Credential Hardening",{"name":107},{"id":412,"name":413,"tactic":414},"D3-MFA","Multi-factor Authentication",{"name":107},{"id":416,"name":417,"tactic":418},"D3-CRO","Credential Rotation",{"name":107},{"id":420,"name":421,"tactic":422},"D3-TB","Token Binding",{"name":107},{"id":424,"name":425,"tactic":426},"D3-TBA","Token-based Authentication",{"name":107},{"id":428,"name":429,"tactic":430},"D3-RIC","Reissue Credential",{"name":124},{"id":432,"name":433,"tactic":434},"D3-KBPI","Kernel-based Process Isolation",{"name":145},{"id":142,"name":143,"tactic":436},{"name":145},{"id":179,"name":180,"tactic":438},{"name":145},{"id":440,"name":441,"tactic":442},"D3-ABPI","Application-based Process Isolation",{"name":145},{"id":444,"name":445,"tactic":446},"D3-WSAM","Web Session Access Mediation",{"name":145},{"id":448,"name":449,"tactic":450},"D3-CTS","Credential Transmission Scoping",{"name":145},{"id":337,"name":338,"tactic":452},{"name":145},{"id":454,"name":455,"tactics":456,"countermeasures":458},"T1563","Remote Service Session Hijacking",[457],{"id":346,"name":347},[459,461,463,465,467,469,471,473,475,479],{"id":305,"name":306,"tactic":460},{"name":56},{"id":309,"name":310,"tactic":462},{"name":56},{"id":313,"name":314,"tactic":464},{"name":56},{"id":317,"name":318,"tactic":466},{"name":56},{"id":321,"name":322,"tactic":468},{"name":56},{"id":325,"name":326,"tactic":470},{"name":56},{"id":329,"name":330,"tactic":472},{"name":56},{"id":333,"name":334,"tactic":474},{"name":56},{"id":476,"name":477,"tactic":478},"D3-ST","Session Termination",{"name":93},{"id":337,"name":338,"tactic":480},{"name":145},{"id":482,"name":483,"techniques":484},"CAPEC-633","Token Impersonation",[485],{"id":486,"name":487,"tactics":488,"countermeasures":494},"T1134","Access Token Manipulation",[489,490,493],{"id":29,"name":30},{"id":491,"name":492},"TA0005","Stealth",{"id":32,"name":33},[495,497,499,501,503,505,507,509,511,513,515,517,519,521,523,525,527,529,531,533,535,537,539,541],{"id":36,"name":37,"tactic":496},{"name":39},{"id":49,"name":50,"tactic":498},{"name":39},{"id":41,"name":42,"tactic":500},{"name":39},{"id":53,"name":54,"tactic":502},{"name":56},{"id":58,"name":59,"tactic":504},{"name":56},{"id":360,"name":361,"tactic":506},{"name":56},{"id":74,"name":75,"tactic":508},{"name":56},{"id":86,"name":87,"tactic":510},{"name":56},{"id":476,"name":477,"tactic":512},{"name":93},{"id":396,"name":397,"tactic":514},{"name":93},{"id":400,"name":401,"tactic":516},{"name":93},{"id":404,"name":405,"tactic":518},{"name":102},{"id":408,"name":409,"tactic":520},{"name":107},{"id":412,"name":413,"tactic":522},{"name":107},{"id":416,"name":417,"tactic":524},{"name":107},{"id":420,"name":421,"tactic":526},{"name":107},{"id":424,"name":425,"tactic":528},{"name":107},{"id":121,"name":122,"tactic":530},{"name":124},{"id":428,"name":429,"tactic":532},{"name":124},{"id":142,"name":143,"tactic":534},{"name":145},{"id":448,"name":449,"tactic":536},{"name":145},{"id":171,"name":172,"tactic":538},{"name":145},{"id":175,"name":176,"tactic":540},{"name":145},{"id":179,"name":180,"tactic":542},{"name":145},{"id":544,"name":545,"techniques":546},"CAPEC-650","Upload a Web Shell to a Web Server",[547],{"id":548,"name":549,"tactics":550,"countermeasures":554},"T1505.003","Web Shell",[551],{"id":552,"name":553},"TA0110","Persistence",[555,559,563,567,571,573,575,577,579,581,583,585,587,589,591,593,595,597,599,603,605,607,609,611,613,615,617,619,621,623,625],{"id":556,"name":557,"tactic":558},"D3-NNI","Network Node Inventory",{"name":39},{"id":560,"name":561,"tactic":562},"D3-PLM","Physical Link Mapping",{"name":39},{"id":564,"name":565,"tactic":566},"D3-LLM","Logical Link Mapping",{"name":39},{"id":568,"name":569,"tactic":570},"D3-EHB","Endpoint Health Beacon",{"name":56},{"id":66,"name":67,"tactic":572},{"name":56},{"id":70,"name":71,"tactic":574},{"name":56},{"id":78,"name":79,"tactic":576},{"name":56},{"id":82,"name":83,"tactic":578},{"name":56},{"id":350,"name":351,"tactic":580},{"name":56},{"id":354,"name":355,"tactic":582},{"name":56},{"id":86,"name":87,"tactic":584},{"name":56},{"id":90,"name":91,"tactic":586},{"name":93},{"id":380,"name":381,"tactic":588},{"name":93},{"id":384,"name":385,"tactic":590},{"name":93},{"id":388,"name":389,"tactic":592},{"name":93},{"id":392,"name":393,"tactic":594},{"name":93},{"id":99,"name":100,"tactic":596},{"name":102},{"id":104,"name":105,"tactic":598},{"name":107},{"id":600,"name":601,"tactic":602},"D3-RNA","Restore Network Access",{"name":124},{"id":126,"name":127,"tactic":604},{"name":124},{"id":147,"name":148,"tactic":606},{"name":145},{"id":151,"name":152,"tactic":608},{"name":145},{"id":155,"name":156,"tactic":610},{"name":145},{"id":159,"name":160,"tactic":612},{"name":145},{"id":163,"name":164,"tactic":614},{"name":145},{"id":171,"name":172,"tactic":616},{"name":145},{"id":175,"name":176,"tactic":618},{"name":145},{"id":432,"name":433,"tactic":620},{"name":145},{"id":142,"name":143,"tactic":622},{"name":145},{"id":179,"name":180,"tactic":624},{"name":145},{"id":440,"name":441,"tactic":626},{"name":145},{"id":628,"name":629,"techniques":630},"CAPEC-94","Adversary in the Middle (AiTM)",[631],{"id":632,"name":633,"tactics":634,"countermeasures":637},"T1557","Adversary-in-the-Middle",[635,636],{"id":282,"name":283},{"id":301,"name":302},[638,640,642,644,646,648,650,652,654,658],{"id":305,"name":306,"tactic":639},{"name":56},{"id":309,"name":310,"tactic":641},{"name":56},{"id":313,"name":314,"tactic":643},{"name":56},{"id":317,"name":318,"tactic":645},{"name":56},{"id":321,"name":322,"tactic":647},{"name":56},{"id":325,"name":326,"tactic":649},{"name":56},{"id":329,"name":330,"tactic":651},{"name":56},{"id":333,"name":334,"tactic":653},{"name":56},{"id":655,"name":656,"tactic":657},"D3-CAA","Connection Attempt Analysis",{"name":56},{"id":337,"name":338,"tactic":659},{"name":145},[661],{"_key":662,"name":663,"source":664,"url":665,"maturity":666,"reliability_score":667,"verified":668,"type":669,"platforms":670,"requires_auth":668,"exploitdb":9,"metasploit":671},"MSF_AUXILIARY_ADMIN_HTTP_GRAFANA_AUTH_BYPASS","Grafana 2.0 through 5.2.2 authentication bypass for LDAP and OAuth","metasploit","https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/grafana_auth_bypass.rb","poc",0.5,false,"remote",[],{"fullname":672,"rank":673,"rank_name":674,"post_auth":668,"check":668,"notes":675},"auxiliary/admin/http/grafana_auth_bypass",300,"normal",{"Stability":9,"SideEffects":9,"Reliability":9},[677,678],"GHSA-rgjg-66cx-5x9m","GO-2022-0707",[],[681,683,685,687,689,691],{"_key":682},"SUSE-SU-2019:2867-1",{"_key":684},"RHSA-2018:3829",{"_key":686},"RHSA-2019:0019",{"_key":688},"UBUNTU-CVE-2018-15727",{"_key":690},"SUSE-SU-2019:2671-1",{"_key":692},"SUSE-SU-2020:1273-1",[694],{"_key":695},"CVE-2018-558213",[697,698,699],{"_key":682},{"_key":690},{"_key":692},"2018-08-29T15:00:00.000Z","2024-08-05T10:01:54.541Z","Modified",{"cisa_kev":668,"cisa_ransomware":668,"cisa_vendor":9,"epss_severity":704,"epss_score":705,"severity":704,"severity_score":706,"severity_version":707,"severity_source":708,"severity_vector":709,"severity_status":702},"critical",0.79555,9.8,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[711,719,727,731,737,742,747,751,755,759],{"url":712,"sources":713,"tags":715},"http://www.securityfocus.com/bid/105184",[714,708],"cve.org",[716,717,718],"VDB Entry","X Refsource BID","Third Party Advisory",{"url":720,"sources":721,"tags":723},"https://access.redhat.com/errata/RHSA-2019:0019",[714,708,722],"osv_go",[724,725,718,726],"Vendor Advisory","X Refsource REDHAT","WEB",{"url":728,"sources":729,"tags":730},"https://access.redhat.com/errata/RHSA-2018:3829",[714,708,722],[724,725,718,726],{"url":732,"sources":733,"tags":734},"https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/",[714,708],[735,736,724],"X Refsource CONFIRM","Patch",{"url":738,"sources":739,"tags":740},"https://nvd.nist.gov/vuln/detail/CVE-2018-15727",[722],[741],"Advisory",{"url":743,"sources":744,"tags":745},"https://github.com/grafana/grafana/commit/7baecf0d0deae0d865e45cf03e082bc0db3f28c3",[722],[726,746],"FIX",{"url":748,"sources":749,"tags":750},"https://github.com/grafana/grafana/commit/df83bf10a225811927644bdf6265fa80bdea9137",[722],[726,746],{"url":752,"sources":753,"tags":754},"https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix",[722],[726],{"url":756,"sources":757,"tags":758},"https://www.securityfocus.com/bid/105184",[722],[726],{"url":760,"sources":761,"tags":762},"https://github.com/advisories/GHSA-rgjg-66cx-5x9m",[722],[741],[],{"date":765,"score":705,"percentile":766},"2026-06-04",0.99108,[768,772,775,778,781,783,786,789,792,794,796,798,800,802,804,808,811,813,816,818,820,822,824,826,828,830,832,834,838,841,844,846,849,851,853,855,857,860,863,866,868,871,873,875,877,879,881,883,885,887,889,892,895,897,901,903,906,908,911,914,917,919,922,924,926,928,930,932,935,937,939,941,943,945,947,949,951,953,955,957,959,962,964,967,969,972,975,978,982,985],{"date":769,"score":770,"percentile":771},"2025-11-04",0.76773,0.98894,{"date":773,"score":770,"percentile":774},"2025-11-05",0.98893,{"date":776,"score":770,"percentile":777},"2025-11-06",0.98891,{"date":779,"score":770,"percentile":780},"2025-11-07",0.98889,{"date":782,"score":770,"percentile":780},"2025-11-08",{"date":784,"score":770,"percentile":785},"2025-11-09",0.98888,{"date":787,"score":770,"percentile":788},"2025-11-10",0.98887,{"date":790,"score":770,"percentile":791},"2025-11-11",0.98886,{"date":793,"score":770,"percentile":785},"2025-11-12",{"date":795,"score":770,"percentile":785},"2025-11-13",{"date":797,"score":770,"percentile":788},"2025-11-14",{"date":799,"score":770,"percentile":788},"2025-11-15",{"date":801,"score":770,"percentile":785},"2025-11-16",{"date":803,"score":770,"percentile":780},"2025-11-17",{"date":805,"score":806,"percentile":807},"2025-11-18",0.72481,0.98828,{"date":809,"score":806,"percentile":810},"2025-11-19",0.98829,{"date":812,"score":806,"percentile":810},"2025-11-20",{"date":814,"score":770,"percentile":815},"2025-11-21",0.9889,{"date":817,"score":770,"percentile":780},"2025-11-22",{"date":819,"score":770,"percentile":780},"2025-11-23",{"date":821,"score":770,"percentile":780},"2025-11-24",{"date":823,"score":770,"percentile":815},"2025-11-25",{"date":825,"score":770,"percentile":815},"2025-11-26",{"date":827,"score":770,"percentile":777},"2025-11-27",{"date":829,"score":770,"percentile":777},"2025-11-28",{"date":831,"score":770,"percentile":777},"2025-11-29",{"date":833,"score":770,"percentile":815},"2025-11-30",{"date":835,"score":836,"percentile":837},"2025-12-01",0.75179,0.98832,{"date":839,"score":836,"percentile":840},"2025-12-02",0.98833,{"date":842,"score":836,"percentile":843},"2025-12-03",0.98835,{"date":845,"score":770,"percentile":777},"2025-12-04",{"date":847,"score":770,"percentile":848},"2025-12-05",0.98892,{"date":850,"score":770,"percentile":777},"2025-12-06",{"date":852,"score":770,"percentile":848},"2025-12-07",{"date":854,"score":770,"percentile":848},"2025-12-08",{"date":856,"score":770,"percentile":774},"2025-12-09",{"date":858,"score":770,"percentile":859},"2025-12-10",0.98895,{"date":861,"score":770,"percentile":862},"2025-12-11",0.98896,{"date":864,"score":770,"percentile":865},"2025-12-12",0.98897,{"date":867,"score":770,"percentile":865},"2025-12-13",{"date":869,"score":770,"percentile":870},"2025-12-14",0.98898,{"date":872,"score":770,"percentile":870},"2025-12-15",{"date":874,"score":770,"percentile":870},"2025-12-16",{"date":876,"score":770,"percentile":870},"2025-12-17",{"date":878,"score":770,"percentile":865},"2025-12-18",{"date":880,"score":770,"percentile":865},"2025-12-19",{"date":882,"score":770,"percentile":870},"2025-12-20",{"date":884,"score":770,"percentile":865},"2025-12-21",{"date":886,"score":770,"percentile":865},"2025-12-22",{"date":888,"score":770,"percentile":870},"2025-12-23",{"date":890,"score":770,"percentile":891},"2025-12-24",0.98899,{"date":893,"score":770,"percentile":894},"2025-12-25",0.989,{"date":896,"score":770,"percentile":894},"2025-12-26",{"date":898,"score":899,"percentile":900},"2025-12-27",0.7458,0.98812,{"date":902,"score":770,"percentile":894},"2025-12-28",{"date":904,"score":770,"percentile":905},"2025-12-29",0.98902,{"date":907,"score":770,"percentile":905},"2025-12-30",{"date":909,"score":770,"percentile":910},"2025-12-31",0.98903,{"date":912,"score":836,"percentile":913},"2026-01-01",0.98845,{"date":915,"score":836,"percentile":916},"2026-01-02",0.98844,{"date":918,"score":836,"percentile":913},"2026-01-03",{"date":920,"score":770,"percentile":921},"2026-01-04",0.98904,{"date":923,"score":770,"percentile":921},"2026-01-05",{"date":925,"score":770,"percentile":921},"2026-01-06",{"date":927,"score":770,"percentile":910},"2026-01-07",{"date":929,"score":770,"percentile":921},"2026-01-08",{"date":931,"score":770,"percentile":921},"2026-01-09",{"date":933,"score":770,"percentile":934},"2026-01-10",0.98905,{"date":936,"score":770,"percentile":910},"2026-01-11",{"date":938,"score":770,"percentile":910},"2026-01-12",{"date":940,"score":770,"percentile":910},"2026-01-13",{"date":942,"score":770,"percentile":921},"2026-01-14",{"date":944,"score":770,"percentile":921},"2026-01-15",{"date":946,"score":770,"percentile":921},"2026-01-16",{"date":948,"score":770,"percentile":934},"2026-01-17",{"date":950,"score":770,"percentile":921},"2026-01-18",{"date":952,"score":770,"percentile":934},"2026-01-19",{"date":954,"score":770,"percentile":934},"2026-01-20",{"date":956,"score":770,"percentile":921},"2026-01-21",{"date":958,"score":770,"percentile":934},"2026-01-22",{"date":960,"score":770,"percentile":961},"2026-01-23",0.98906,{"date":963,"score":770,"percentile":961},"2026-01-24",{"date":965,"score":770,"percentile":966},"2026-01-25",0.98907,{"date":968,"score":770,"percentile":966},"2026-01-26",{"date":970,"score":770,"percentile":971},"2026-01-27",0.98908,{"date":973,"score":770,"percentile":974},"2026-01-28",0.98909,{"date":976,"score":770,"percentile":977},"2026-01-29",0.98911,{"date":979,"score":980,"percentile":981},"2026-01-30",0.80081,0.99074,{"date":983,"score":980,"percentile":984},"2026-01-31",0.99073,{"date":986,"score":987,"percentile":988},"2026-02-01",0.78751,0.99015,[990,998],{"source":708,"cvss_v2_0":991,"cvss_v3_0":996,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":992,"baseSeverity":9,"vectorString":993,"impactScore":994,"exploitabilityScore":995},7.5,"AV:N/AC:L/Au:N/C:P/I:P/A:P",6.4,10,{"baseScore":706,"baseSeverity":997,"vectorString":709,"impactScore":706,"exploitabilityScore":995},"CRITICAL",{"source":722,"cvss_v2_0":9,"cvss_v3_0":999,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":706,"baseSeverity":9,"vectorString":709,"impactScore":706,"exploitabilityScore":995},[1001,1023,1040],{"ecosystem":1002,"name":1003,"vendor":1004,"product":1005,"cpe_part":9,"purl_type":1006,"purl_namespace":1004,"purl_name":1005,"source":9,"versions":1007},"Go","github.com/grafana/grafana","github.com/grafana","grafana","golang",[1008,1014,1019],{"version":1009,"is_range":1010,"range_type":1011,"version_start":9,"version_start_type":9,"version_end":1012,"version_end_type":1013,"fixed_in":9},"lt4_6_4",true,"semver","4.6.4","excluding",{"version":1015,"is_range":1010,"range_type":1011,"version_start":1016,"version_start_type":1017,"version_end":1018,"version_end_type":1013,"fixed_in":9},"gte5_0_0_lt5_2_3","5.0.0","including","5.2.3",{"version":1020,"is_range":1010,"range_type":1011,"version_start":1021,"version_start_type":1017,"version_end":1022,"version_end_type":1013,"fixed_in":9},"gte5_0_0+incompatible_lt5_2_3+incompatible","5.0.0+incompatible","5.2.3+incompatible",{"ecosystem":9,"name":1005,"vendor":1005,"product":1005,"cpe_part":1024,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":1025},"a",[1026,1031,1035,1038],{"version":1027,"is_range":1010,"range_type":1028,"version_start":1029,"version_start_type":1017,"version_end":1030,"version_end_type":1017,"fixed_in":9},"gte2.0.0_lte2.1.2","cpe","2.0.0","2.1.2",{"version":1032,"is_range":1010,"range_type":1028,"version_start":1033,"version_start_type":1017,"version_end":1034,"version_end_type":1017,"fixed_in":9},"gte3.0.0_lte3.1.1","3.0.0","3.1.1",{"version":1036,"is_range":1010,"range_type":1028,"version_start":1037,"version_start_type":1017,"version_end":1012,"version_end_type":1013,"fixed_in":9},"gte4.0.0_lt4.6.4","4.0.0",{"version":1039,"is_range":1010,"range_type":1028,"version_start":1016,"version_start_type":1017,"version_end":1018,"version_end_type":1013,"fixed_in":9},"gte5.0.0_lt5.2.3",{"ecosystem":9,"name":1041,"vendor":1042,"product":1043,"cpe_part":1024,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":1044},"ceph storage","redhat","ceph_storage",[1045],{"version":1046,"is_range":668,"range_type":1028,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.0"]