[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-15043":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T20:55:29.923Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":41,"duplicate_of":9,"upstream":42,"downstream":43,"duplicates":78,"related":79,"reserved_at":9,"published_at":95,"modified_at":96,"state":97,"summary":98,"references_raw":107,"kevs":155,"epss":156,"epss_history":159,"metrics":374,"affected":384},"CVE-2019-15043","In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-306","Missing Authentication for Critical Function","The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.","weakness","Draft","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-12","Choosing Message Identifier",[],{"id":25,"name":26,"techniques":27},"CAPEC-166","Force the System to Reset Values",[],{"id":29,"name":30,"techniques":31},"CAPEC-216","Communication Channel Manipulation",[],{"id":33,"name":34,"techniques":35},"CAPEC-36","Using Unpublished Interfaces or Functionality",[],{"id":37,"name":38,"techniques":39},"CAPEC-62","Cross Site Request Forgery",[],[],[],[],[44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76],{"_key":45},"SUSE-SU-2019:2867-1",{"_key":47},"RHSA-2020:1659",{"_key":49},"UBUNTU-CVE-2019-15043",{"_key":51},"SUSE-RU-2020:2072-1",{"_key":53},"SUSE-SU-2019:2671-1",{"_key":55},"SUSE-SU-2019:2906-1",{"_key":57},"SUSE-SU-2020:1273-1",{"_key":59},"SUSE-SU-2020:1901-1",{"_key":61},"SUSE-SU-2020:1970-1",{"_key":63},"SUSE-SU-2020:1972-1",{"_key":65},"SUSE-SU-2020:2911-1",{"_key":67},"SUSE-SU-2021:1233-1",{"_key":69},"SUSE-SU-2021:1962-1",{"_key":71},"OPENSUSE-SU-2020:1611-1",{"_key":73},"OPENSUSE-SU-2020:0892-1",{"_key":75},"OPENSUSE-SU-2020:1105-1",{"_key":77},"OPENSUSE-SU-2024:10818-1",[],[80,81,82,83,84,85,86,87,88,89,90,91,92,93,94],{"_key":45},{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":59},{"_key":61},{"_key":63},{"_key":65},{"_key":67},{"_key":69},{"_key":71},{"_key":73},{"_key":75},{"_key":77},"2019-09-03T11:47:35.000Z","2024-08-05T00:34:53.156Z","Modified",{"cisa_kev":99,"cisa_ransomware":99,"cisa_vendor":9,"epss_severity":100,"epss_score":101,"severity":102,"severity_score":103,"severity_version":104,"severity_source":105,"severity_vector":106,"severity_status":97},false,"critical",0.90928,"high",7.5,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[108,115,119,125,129,134,138,142,147,151],{"url":109,"sources":110,"tags":112},"https://community.grafana.com/t/release-notes-v6-3-x/19202",[111,105],"cve.org",[113,114],"X Refsource MISC","Release Notes",{"url":116,"sources":117,"tags":118},"https://github.com/grafana/grafana/releases",[111,105],[113,114],{"url":120,"sources":121,"tags":122},"https://community.grafana.com/t/grafana-5-4-5-and-6-3-4-security-update/20569",[111,105],[123,124],"X Refsource CONFIRM","Vendor Advisory",{"url":126,"sources":127,"tags":128},"https://grafana.com/blog/2019/08/29/grafana-5.4.5-and-6.3.4-released-with-important-security-fix/",[111,105],[123,114,124],{"url":130,"sources":131,"tags":132},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RF5ARGYX3WYB7H2FDR7VAWTEQ27UX3FU/",[111,105],[124,133],"X Refsource FEDORA",{"url":135,"sources":136,"tags":137},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UO4NBL7PKW4OSFRVZENGC42EWEJV2YAH/",[111,105],[124,133],{"url":139,"sources":140,"tags":141},"https://security.netapp.com/advisory/ntap-20191004-0004/",[111,105],[123],{"url":143,"sources":144,"tags":145},"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html",[111,105],[124,146],"X Refsource SUSE",{"url":148,"sources":149,"tags":150},"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html",[111,105],[124,146],{"url":152,"sources":153,"tags":154},"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html",[111,105],[124,146],[],{"date":157,"score":101,"percentile":158},"2026-06-04",0.99647,[160,163,166,168,171,174,176,178,180,182,185,187,189,191,193,197,200,203,207,209,211,214,216,218,220,222,224,227,231,233,235,238,241,243,245,248,250,252,254,256,258,260,262,264,266,268,270,272,275,277,280,284,287,289,293,295,297,299,301,305,307,309,312,314,316,318,320,322,324,326,328,330,333,335,337,340,342,344,346,348,350,352,354,358,360,363,365,367,369,372],{"date":161,"score":101,"percentile":162},"2025-11-04",0.9961,{"date":164,"score":101,"percentile":165},"2025-11-05",0.99609,{"date":167,"score":101,"percentile":165},"2025-11-06",{"date":169,"score":101,"percentile":170},"2025-11-07",0.99608,{"date":172,"score":101,"percentile":173},"2025-11-08",0.99607,{"date":175,"score":101,"percentile":173},"2025-11-09",{"date":177,"score":101,"percentile":173},"2025-11-10",{"date":179,"score":101,"percentile":173},"2025-11-11",{"date":181,"score":101,"percentile":173},"2025-11-12",{"date":183,"score":101,"percentile":184},"2025-11-13",0.99606,{"date":186,"score":101,"percentile":184},"2025-11-14",{"date":188,"score":101,"percentile":184},"2025-11-15",{"date":190,"score":101,"percentile":184},"2025-11-16",{"date":192,"score":101,"percentile":184},"2025-11-17",{"date":194,"score":195,"percentile":196},"2025-11-18",0.31606,0.96555,{"date":198,"score":195,"percentile":199},"2025-11-19",0.96556,{"date":201,"score":195,"percentile":202},"2025-11-20",0.96558,{"date":204,"score":205,"percentile":206},"2025-11-21",0.90763,0.99591,{"date":208,"score":205,"percentile":206},"2025-11-22",{"date":210,"score":205,"percentile":206},"2025-11-23",{"date":212,"score":205,"percentile":213},"2025-11-24",0.9959,{"date":215,"score":205,"percentile":213},"2025-11-25",{"date":217,"score":205,"percentile":206},"2025-11-26",{"date":219,"score":205,"percentile":206},"2025-11-27",{"date":221,"score":205,"percentile":206},"2025-11-28",{"date":223,"score":205,"percentile":206},"2025-11-29",{"date":225,"score":205,"percentile":226},"2025-11-30",0.99592,{"date":228,"score":229,"percentile":230},"2025-12-01",0.90142,0.99566,{"date":232,"score":229,"percentile":230},"2025-12-02",{"date":234,"score":229,"percentile":230},"2025-12-03",{"date":236,"score":205,"percentile":237},"2025-12-04",0.99593,{"date":239,"score":205,"percentile":240},"2025-12-05",0.99594,{"date":242,"score":205,"percentile":240},"2025-12-06",{"date":244,"score":205,"percentile":240},"2025-12-07",{"date":246,"score":205,"percentile":247},"2025-12-08",0.99595,{"date":249,"score":205,"percentile":247},"2025-12-09",{"date":251,"score":205,"percentile":247},"2025-12-10",{"date":253,"score":205,"percentile":247},"2025-12-11",{"date":255,"score":205,"percentile":247},"2025-12-12",{"date":257,"score":205,"percentile":247},"2025-12-13",{"date":259,"score":205,"percentile":247},"2025-12-14",{"date":261,"score":205,"percentile":240},"2025-12-15",{"date":263,"score":205,"percentile":240},"2025-12-16",{"date":265,"score":205,"percentile":247},"2025-12-17",{"date":267,"score":205,"percentile":247},"2025-12-18",{"date":269,"score":205,"percentile":247},"2025-12-19",{"date":271,"score":205,"percentile":247},"2025-12-20",{"date":273,"score":205,"percentile":274},"2025-12-21",0.99596,{"date":276,"score":205,"percentile":274},"2025-12-22",{"date":278,"score":279,"percentile":237},"2025-12-23",0.90695,{"date":281,"score":282,"percentile":283},"2025-12-24",0.90497,0.99584,{"date":285,"score":282,"percentile":286},"2025-12-25",0.99585,{"date":288,"score":282,"percentile":283},"2025-12-26",{"date":290,"score":291,"percentile":292},"2025-12-27",0.90387,0.99582,{"date":294,"score":282,"percentile":283},"2025-12-28",{"date":296,"score":282,"percentile":283},"2025-12-29",{"date":298,"score":282,"percentile":283},"2025-12-30",{"date":300,"score":282,"percentile":286},"2025-12-31",{"date":302,"score":303,"percentile":304},"2026-01-01",0.89833,0.99557,{"date":306,"score":303,"percentile":304},"2026-01-02",{"date":308,"score":303,"percentile":304},"2026-01-03",{"date":310,"score":282,"percentile":311},"2026-01-04",0.99587,{"date":313,"score":282,"percentile":311},"2026-01-05",{"date":315,"score":282,"percentile":311},"2026-01-06",{"date":317,"score":282,"percentile":311},"2026-01-07",{"date":319,"score":282,"percentile":311},"2026-01-08",{"date":321,"score":282,"percentile":311},"2026-01-09",{"date":323,"score":282,"percentile":311},"2026-01-10",{"date":325,"score":282,"percentile":311},"2026-01-11",{"date":327,"score":282,"percentile":311},"2026-01-12",{"date":329,"score":282,"percentile":311},"2026-01-13",{"date":331,"score":282,"percentile":332},"2026-01-14",0.99588,{"date":334,"score":282,"percentile":332},"2026-01-15",{"date":336,"score":282,"percentile":332},"2026-01-16",{"date":338,"score":282,"percentile":339},"2026-01-17",0.99589,{"date":341,"score":282,"percentile":311},"2026-01-18",{"date":343,"score":282,"percentile":311},"2026-01-19",{"date":345,"score":282,"percentile":311},"2026-01-20",{"date":347,"score":282,"percentile":311},"2026-01-21",{"date":349,"score":282,"percentile":332},"2026-01-22",{"date":351,"score":282,"percentile":339},"2026-01-23",{"date":353,"score":282,"percentile":213},"2026-01-24",{"date":355,"score":356,"percentile":357},"2026-01-25",0.88379,0.99475,{"date":359,"score":356,"percentile":357},"2026-01-26",{"date":361,"score":356,"percentile":362},"2026-01-27",0.99476,{"date":364,"score":356,"percentile":362},"2026-01-28",{"date":366,"score":356,"percentile":362},"2026-01-29",{"date":368,"score":356,"percentile":362},"2026-01-30",{"date":370,"score":356,"percentile":371},"2026-01-31",0.99477,{"date":373,"score":303,"percentile":230},"2026-02-01",[375],{"source":105,"cvss_v2_0":376,"cvss_v3_0":381,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":377,"baseSeverity":9,"vectorString":378,"impactScore":379,"exploitabilityScore":380},5,"AV:N/AC:L/Au:N/C:N/I:N/A:P",2.9,10,{"baseScore":103,"baseSeverity":382,"vectorString":106,"impactScore":383,"exploitabilityScore":380},"HIGH",6,[385],{"ecosystem":9,"name":386,"vendor":386,"product":386,"cpe_part":387,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":388},"grafana","a",[389,397],{"version":390,"is_range":391,"range_type":392,"version_start":393,"version_start_type":394,"version_end":395,"version_end_type":396,"fixed_in":9},"gte2.0.0_lt5.4.5",true,"cpe","2.0.0","including","5.4.5","excluding",{"version":398,"is_range":391,"range_type":392,"version_start":399,"version_start_type":394,"version_end":400,"version_end_type":396,"fixed_in":9},"gte6.0.0_lt6.3.4","6.0.0","6.3.4"]