[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-21720":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T02:55:33.997Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":93,"aliases":94,"duplicate_of":9,"upstream":95,"downstream":96,"duplicates":107,"related":108,"reserved_at":9,"published_at":115,"modified_at":116,"state":117,"summary":118,"references_raw":127,"kevs":139,"epss":140,"epss_history":143,"metrics":418,"affected":426},"CVE-2026-21720","Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel. Sustained traffic with random hashes keeps tripping this timeout, so goroutine count grows linearly, eventually exhausting memory and causing Grafana to crash on some systems.",null,[11,86],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-400","Uncontrolled Resource Consumption","The product does not properly control the allocation and maintenance of a limited resource.","weakness","Draft","Class","High",[20,24,82],{"id":21,"name":22,"techniques":23},"CAPEC-147","XML Ping of the Death",[],{"id":25,"name":26,"techniques":27},"CAPEC-227","Sustained Client Engagement",[28],{"id":29,"name":30,"tactics":31,"countermeasures":35},"T1499","Endpoint Denial of Service",[32],{"id":33,"name":34},"TA0105","Impact",[36,41,45,49,53,57,61,65,69,73,78],{"id":37,"name":38,"tactic":39},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":40},"Detect",{"id":42,"name":43,"tactic":44},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":40},{"id":46,"name":47,"tactic":48},"D3-CSPP","Client-server Payload Profiling",{"name":40},{"id":50,"name":51,"tactic":52},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":40},{"id":54,"name":55,"tactic":56},"D3-NTSA","Network Traffic Signature Analysis",{"name":40},{"id":58,"name":59,"tactic":60},"D3-APCA","Application Protocol Command Analysis",{"name":40},{"id":62,"name":63,"tactic":64},"D3-NTCD","Network Traffic Community Deviation",{"name":40},{"id":66,"name":67,"tactic":68},"D3-RTSD","Remote Terminal Session Detection",{"name":40},{"id":70,"name":71,"tactic":72},"D3-ISVA","Inbound Session Volume Analysis",{"name":40},{"id":74,"name":75,"tactic":76},"D3-NTF","Network Traffic Filtering",{"name":77},"Isolate",{"id":79,"name":80,"tactic":81},"D3-ITF","Inbound Traffic Filtering",{"name":77},{"id":83,"name":84,"techniques":85},"CAPEC-492","Regular Expression Exponential Blowup",[],{"_key":87,"id":87,"name":88,"description":89,"type":15,"status":90,"abstraction":91,"likelihood_of_exploit":9,"capec":92},"CWE-703","Improper Check or Handling of Exceptional Conditions","The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.","Incomplete","Pillar",[],[],[],[],[97,99,101,103,105],{"_key":98},"UBUNTU-CVE-2026-21720",{"_key":100},"SUSE-SU-2026:1037-1",{"_key":102},"SUSE-SU-2026:1013-1",{"_key":104},"SUSE-SU-2026:1524-1",{"_key":106},"OPENSUSE-SU-2026:10601-1",[],[109,110,111,112,113],{"_key":100},{"_key":102},{"_key":104},{"_key":106},{"_key":114},"CGA-V8WW-6GG2-H375","2026-01-27T09:07:04.758Z","2026-05-13T19:28:36.287Z","Analyzed",{"cisa_kev":119,"cisa_ransomware":119,"cisa_vendor":9,"epss_severity":120,"epss_score":121,"severity":122,"severity_score":123,"severity_version":124,"severity_source":125,"severity_vector":126,"severity_status":117},false,"low",0.00036,"high",7.5,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[128,135],{"url":129,"sources":130,"tags":132},"https://grafana.com/security/security-advisories/CVE-2026-21720",[125,131],"nvd",[133,134],"Vendor Advisory","Broken Link",{"url":136,"sources":137,"tags":138},"https://grafana.com/security/security-advisories/cve-2026-21720",[125],[133],[],{"date":141,"score":121,"percentile":142},"2026-06-05",0.11166,[144,148,151,154,157,160,163,167,170,173,176,179,182,185,188,191,193,196,199,202,205,208,211,215,218,221,224,227,230,233,236,239,242,246,249,252,255,258,261,264,267,270,273,276,279,282,285,288,291,294,297,299,302,305,308,311,314,317,320,323,326,329,332,335,338,341,344,347,350,354,357,360,363,366,369,372,375,378,381,384,387,390,393,396,399,403,406,409,412,415],{"date":145,"score":146,"percentile":147},"2026-01-27",0.0004,0.11943,{"date":149,"score":146,"percentile":150},"2026-01-28",0.11932,{"date":152,"score":146,"percentile":153},"2026-01-29",0.11907,{"date":155,"score":146,"percentile":156},"2026-01-30",0.11929,{"date":158,"score":146,"percentile":159},"2026-01-31",0.11947,{"date":161,"score":146,"percentile":162},"2026-02-01",0.11942,{"date":164,"score":165,"percentile":166},"2026-02-02",0.00052,0.16371,{"date":168,"score":165,"percentile":169},"2026-02-03",0.16348,{"date":171,"score":165,"percentile":172},"2026-02-04",0.16338,{"date":174,"score":165,"percentile":175},"2026-02-05",0.16376,{"date":177,"score":165,"percentile":178},"2026-02-06",0.16389,{"date":180,"score":165,"percentile":181},"2026-02-07",0.16411,{"date":183,"score":165,"percentile":184},"2026-02-08",0.16373,{"date":186,"score":165,"percentile":187},"2026-02-09",0.16335,{"date":189,"score":165,"percentile":190},"2026-02-10",0.16255,{"date":192,"score":165,"percentile":190},"2026-02-11",{"date":194,"score":165,"percentile":195},"2026-02-12",0.16283,{"date":197,"score":165,"percentile":198},"2026-02-13",0.16275,{"date":200,"score":165,"percentile":201},"2026-02-14",0.16212,{"date":203,"score":165,"percentile":204},"2026-02-15",0.16191,{"date":206,"score":165,"percentile":207},"2026-02-16",0.1615,{"date":209,"score":165,"percentile":210},"2026-02-17",0.16123,{"date":212,"score":213,"percentile":214},"2026-02-18",0.00017,0.03742,{"date":216,"score":213,"percentile":217},"2026-02-19",0.03764,{"date":219,"score":213,"percentile":220},"2026-02-20",0.03761,{"date":222,"score":213,"percentile":223},"2026-02-21",0.03758,{"date":225,"score":213,"percentile":226},"2026-02-22",0.03754,{"date":228,"score":213,"percentile":229},"2026-02-23",0.03736,{"date":231,"score":213,"percentile":232},"2026-02-24",0.0372,{"date":234,"score":213,"percentile":235},"2026-02-25",0.03717,{"date":237,"score":213,"percentile":238},"2026-02-26",0.03706,{"date":240,"score":213,"percentile":241},"2026-02-27",0.0377,{"date":243,"score":244,"percentile":245},"2026-02-28",0.00018,0.04453,{"date":247,"score":244,"percentile":248},"2026-03-01",0.04531,{"date":250,"score":244,"percentile":251},"2026-03-02",0.04563,{"date":253,"score":244,"percentile":254},"2026-03-03",0.0458,{"date":256,"score":244,"percentile":257},"2026-03-04",0.0446,{"date":259,"score":244,"percentile":260},"2026-03-05",0.04507,{"date":262,"score":244,"percentile":263},"2026-03-06",0.04481,{"date":265,"score":244,"percentile":266},"2026-03-07",0.04487,{"date":268,"score":244,"percentile":269},"2026-03-08",0.04492,{"date":271,"score":244,"percentile":272},"2026-03-09",0.04469,{"date":274,"score":244,"percentile":275},"2026-03-10",0.04474,{"date":277,"score":244,"percentile":278},"2026-03-11",0.0448,{"date":280,"score":244,"percentile":281},"2026-03-12",0.04506,{"date":283,"score":244,"percentile":284},"2026-03-13",0.045,{"date":286,"score":244,"percentile":287},"2026-03-14",0.04456,{"date":289,"score":244,"percentile":290},"2026-03-15",0.04441,{"date":292,"score":244,"percentile":293},"2026-03-16",0.0444,{"date":295,"score":244,"percentile":296},"2026-03-17",0.04436,{"date":298,"score":244,"percentile":293},"2026-03-18",{"date":300,"score":244,"percentile":301},"2026-03-19",0.04461,{"date":303,"score":244,"percentile":304},"2026-03-20",0.04467,{"date":306,"score":244,"percentile":307},"2026-03-21",0.04663,{"date":309,"score":244,"percentile":310},"2026-03-22",0.04656,{"date":312,"score":244,"percentile":313},"2026-03-23",0.04651,{"date":315,"score":244,"percentile":316},"2026-03-24",0.04637,{"date":318,"score":244,"percentile":319},"2026-03-25",0.04673,{"date":321,"score":244,"percentile":322},"2026-03-26",0.04707,{"date":324,"score":244,"percentile":325},"2026-03-27",0.04711,{"date":327,"score":244,"percentile":328},"2026-03-28",0.04714,{"date":330,"score":244,"percentile":331},"2026-03-29",0.04709,{"date":333,"score":244,"percentile":334},"2026-03-30",0.0469,{"date":336,"score":244,"percentile":337},"2026-03-31",0.04666,{"date":339,"score":244,"percentile":340},"2026-04-01",0.04683,{"date":342,"score":244,"percentile":343},"2026-04-02",0.04745,{"date":345,"score":244,"percentile":346},"2026-04-03",0.04757,{"date":348,"score":244,"percentile":349},"2026-04-04",0.04767,{"date":351,"score":352,"percentile":353},"2026-04-05",0.00019,0.05069,{"date":355,"score":352,"percentile":356},"2026-04-06",0.05078,{"date":358,"score":352,"percentile":359},"2026-04-07",0.05093,{"date":361,"score":352,"percentile":362},"2026-04-08",0.05125,{"date":364,"score":352,"percentile":365},"2026-04-09",0.0514,{"date":367,"score":352,"percentile":368},"2026-04-10",0.05134,{"date":370,"score":352,"percentile":371},"2026-04-11",0.05114,{"date":373,"score":352,"percentile":374},"2026-04-12",0.05098,{"date":376,"score":352,"percentile":377},"2026-04-13",0.05081,{"date":379,"score":352,"percentile":380},"2026-04-14",0.05019,{"date":382,"score":352,"percentile":383},"2026-04-15",0.05017,{"date":385,"score":352,"percentile":386},"2026-04-16",0.05029,{"date":388,"score":352,"percentile":389},"2026-04-17",0.0504,{"date":391,"score":352,"percentile":392},"2026-04-18",0.05035,{"date":394,"score":352,"percentile":395},"2026-04-19",0.05021,{"date":397,"score":352,"percentile":398},"2026-04-20",0.05016,{"date":400,"score":401,"percentile":402},"2026-04-21",0.00022,0.05936,{"date":404,"score":401,"percentile":405},"2026-04-22",0.05946,{"date":407,"score":401,"percentile":408},"2026-04-23",0.05967,{"date":410,"score":401,"percentile":411},"2026-04-24",0.05969,{"date":413,"score":401,"percentile":414},"2026-04-25",0.0601,{"date":416,"score":401,"percentile":417},"2026-04-26",0.06005,[419,424],{"source":125,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":420,"cvss_v4_0":9},{"baseScore":123,"baseSeverity":421,"vectorString":126,"impactScore":422,"exploitabilityScore":423},"HIGH",6,10,{"source":131,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":425,"cvss_v4_0":9},{"baseScore":123,"baseSeverity":421,"vectorString":126,"impactScore":422,"exploitabilityScore":423},[427,453,467],{"ecosystem":9,"name":428,"vendor":428,"product":428,"cpe_part":429,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":430},"grafana","a",[431,439,443,447,451],{"version":432,"is_range":433,"range_type":434,"version_start":435,"version_start_type":436,"version_end":437,"version_end_type":438,"fixed_in":9},"gte3.0.0_lt11.6.9",true,"cpe","3.0.0","including","11.6.9","excluding",{"version":440,"is_range":433,"range_type":434,"version_start":441,"version_start_type":436,"version_end":442,"version_end_type":438,"fixed_in":9},"gte12.0.0_lt12.0.8","12.0.0","12.0.8",{"version":444,"is_range":433,"range_type":434,"version_start":445,"version_start_type":436,"version_end":446,"version_end_type":438,"fixed_in":9},"gte12.1.0_lt12.1.5","12.1.0","12.1.5",{"version":448,"is_range":433,"range_type":434,"version_start":449,"version_start_type":436,"version_end":450,"version_end_type":438,"fixed_in":9},"gte12.2.0_lt12.2.3","12.2.0","12.2.3",{"version":452,"is_range":119,"range_type":434,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.3.0",{"ecosystem":9,"name":454,"vendor":428,"product":454,"cpe_part":429,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":455},"grafana/grafana",[456,458,460,462,464],{"version":457,"is_range":433,"range_type":125,"version_start":435,"version_start_type":436,"version_end":437,"version_end_type":438,"fixed_in":9},">= 3.0.0, \u003C 11.6.9",{"version":459,"is_range":433,"range_type":125,"version_start":435,"version_start_type":436,"version_end":442,"version_end_type":438,"fixed_in":9},">= 3.0.0, \u003C 12.0.8",{"version":461,"is_range":433,"range_type":125,"version_start":435,"version_start_type":436,"version_end":446,"version_end_type":438,"fixed_in":9},">= 3.0.0, \u003C 12.1.5",{"version":463,"is_range":433,"range_type":125,"version_start":435,"version_start_type":436,"version_end":450,"version_end_type":438,"fixed_in":9},">= 3.0.0, \u003C 12.2.3",{"version":465,"is_range":433,"range_type":125,"version_start":435,"version_start_type":436,"version_end":466,"version_end_type":438,"fixed_in":9},">= 3.0.0, \u003C 12.3.1","12.3.1",{"ecosystem":9,"name":468,"vendor":428,"product":468,"cpe_part":429,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":469},"grafana/grafana-enterprise",[470,471,472,473,474],{"version":457,"is_range":433,"range_type":125,"version_start":435,"version_start_type":436,"version_end":437,"version_end_type":438,"fixed_in":9},{"version":459,"is_range":433,"range_type":125,"version_start":435,"version_start_type":436,"version_end":442,"version_end_type":438,"fixed_in":9},{"version":461,"is_range":433,"range_type":125,"version_start":435,"version_start_type":436,"version_end":446,"version_end_type":438,"fixed_in":9},{"version":463,"is_range":433,"range_type":125,"version_start":435,"version_start_type":436,"version_end":450,"version_end_type":438,"fixed_in":9},{"version":465,"is_range":433,"range_type":125,"version_start":435,"version_start_type":436,"version_end":466,"version_end_type":438,"fixed_in":9}]