[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-SUSE-SU-2025:01991-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":30,"duplicates":31,"related":32,"reserved_at":9,"published_at":41,"modified_at":42,"state":9,"summary":43,"references_raw":45,"kevs":131,"epss":9,"epss_history":132,"metrics":133,"affected":134},"SUSE-SU-2025:01991-1","Security update for grafana\n\nThis update for grafana fixes the following issues:\n\ngrafana was updated from version 10.4.15 to 11.5.5 (jsc#PED-12918):\n\n- Security issues fixed:\n    * CVE-2025-4123: Fix cross-site scripting vulnerability (bsc#1243714).\n    * CVE-2025-22872: Bump golang.org/x/net/html (bsc#1241809)\n    * CVE-2025-3580: Prevent unauthorized server admin deletion (bsc#1243672).\n    * CVE-2025-29923: Bump github.com/redis/go-redis/v9 to 9.6.3.\n    * CVE-2025-3454: Sanitize paths before evaluating access to route (bsc#1241683).\n    * CVE-2025-2703: Fix built-in XY Chart plugin (bsc#1241687).\n    * CVE-2025-22870: Bump golang.org/x/net (bsc#1238703).\n    * CVE-2024-9476: Fix Migration Assistant issue (bsc#1233343)\n    * CVE-2024-9264: SQL Expressions (bsc#1231844)\n    * CVE-2023-45288: Bump golang.org/x/net (bsc#1236510)\n    * CVE-2025-22870: Bump golang.org/x/net to version 0.37.0 (bsc#1238686)\n\n- Potential breaking changes in version 11.5.0:\n    * Loki: Default to /labels API with query param instead of /series API.\n- Potential breaking changes in version 11.0.1:\n    * If you had selected your language as 'Portugu�s Brasileiro'\n    previously, this will be reset. You have to select it again in\n    your Preferences for the fix to be applied and the translations\n    will then be shown.\n- Potential breaking changes in version 11.0.0:\n    * AngularJS support is turned off by default.\n    * Legacy alerting is entirely removed.\n    * Subfolders cause very rare issues with folders which have\n      slashes in their names.\n    * The input data source is removed.\n    * Data sources: Responses which are associated with hidden\n      queries will be removed (filtered) by Grafana.\n    * The URL which is generated when viewing an individual repeated\n      panel has changed.\n    * React Router is deprecated.\n    * The grafana/e2e testing tool is deprecated.\n    \n- This update brings many new features, enhancements and fixes highlighted at:\n  * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v11-5/\n  * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v11-4/\n  * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v11-3/\n  * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v11-2/\n  * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v11-1/\n  * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v11-0/\n",null,[],[],[],[14,16,18,20,22,24,26,28],{"_key":15},"CVE-2023-45288",{"_key":17},"CVE-2024-9264",{"_key":19},"CVE-2024-9476",{"_key":21},"CVE-2025-22870",{"_key":23},"CVE-2025-22872",{"_key":25},"CVE-2025-2703",{"_key":27},"CVE-2025-29923",{"_key":29},"CVE-2025-3454",[],[],[33,34,35,36,37,38,39,40],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},"2025-06-18T02:12:17Z","2026-02-04T03:37:00.058041Z",{"cisa_kev":44,"cisa_ransomware":44,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[46,53,58,62,66,70,74,78,82,86,90,94,98,103,107,111,115,119,123,127],{"url":47,"sources":48,"tags":51},"https://www.suse.com/support/update/announcement/2025/suse-su-202501991-1/",[49,50],"osv_suse","osv_opensuse",[52],"Advisory",{"url":54,"sources":55,"tags":56},"https://bugzilla.suse.com/1231844",[49,50],[57],"REPORT",{"url":59,"sources":60,"tags":61},"https://bugzilla.suse.com/1233343",[49,50],[57],{"url":63,"sources":64,"tags":65},"https://bugzilla.suse.com/1236510",[49,50],[57],{"url":67,"sources":68,"tags":69},"https://bugzilla.suse.com/1236516",[49,50],[57],{"url":71,"sources":72,"tags":73},"https://bugzilla.suse.com/1238686",[49,50],[57],{"url":75,"sources":76,"tags":77},"https://bugzilla.suse.com/1238703",[49,50],[57],{"url":79,"sources":80,"tags":81},"https://bugzilla.suse.com/1241683",[49,50],[57],{"url":83,"sources":84,"tags":85},"https://bugzilla.suse.com/1241687",[49,50],[57],{"url":87,"sources":88,"tags":89},"https://bugzilla.suse.com/1241809",[49,50],[57],{"url":91,"sources":92,"tags":93},"https://bugzilla.suse.com/1243672",[49,50],[57],{"url":95,"sources":96,"tags":97},"https://bugzilla.suse.com/1243714",[49,50],[57],{"url":99,"sources":100,"tags":101},"https://www.suse.com/security/cve/CVE-2023-45288",[49,50],[102],"WEB",{"url":104,"sources":105,"tags":106},"https://www.suse.com/security/cve/CVE-2024-9264",[49,50],[102],{"url":108,"sources":109,"tags":110},"https://www.suse.com/security/cve/CVE-2024-9476",[49,50],[102],{"url":112,"sources":113,"tags":114},"https://www.suse.com/security/cve/CVE-2025-22870",[49,50],[102],{"url":116,"sources":117,"tags":118},"https://www.suse.com/security/cve/CVE-2025-22872",[49,50],[102],{"url":120,"sources":121,"tags":122},"https://www.suse.com/security/cve/CVE-2025-2703",[49,50],[102],{"url":124,"sources":125,"tags":126},"https://www.suse.com/security/cve/CVE-2025-29923",[49,50],[102],{"url":128,"sources":129,"tags":130},"https://www.suse.com/security/cve/CVE-2025-3454",[49,50],[102],[],[],[],[135,148,154],{"ecosystem":136,"name":137,"vendor":138,"product":139,"cpe_part":9,"purl_type":140,"purl_namespace":138,"purl_name":139,"source":9,"versions":141},"openSUSE","grafana","opensuse","grafana&distro=openSUSE Leap 15.6","rpm",[142],{"version":143,"is_range":144,"range_type":145,"version_start":9,"version_start_type":9,"version_end":146,"version_end_type":147,"fixed_in":9},"lt11_5_5_150200_3_72_2",true,"ecosystem","11.5.5-150200.3.72.2","excluding",{"ecosystem":149,"name":137,"vendor":150,"product":151,"cpe_part":9,"purl_type":140,"purl_namespace":150,"purl_name":151,"source":9,"versions":152},"SUSE Linux Enterprise","suse","grafana&distro=SUSE Linux Enterprise Module for Package Hub 15 SP6",[153],{"version":143,"is_range":144,"range_type":145,"version_start":9,"version_start_type":9,"version_end":146,"version_end_type":147,"fixed_in":9},{"ecosystem":149,"name":137,"vendor":150,"product":155,"cpe_part":9,"purl_type":140,"purl_namespace":150,"purl_name":155,"source":9,"versions":156},"grafana&distro=SUSE Linux Enterprise Module for Package Hub 15 SP7",[157],{"version":143,"is_range":144,"range_type":145,"version_start":9,"version_start_type":9,"version_end":146,"version_end_type":147,"fixed_in":9}]