[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-SUSE-SU-2026:1037-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T02:55:33.997Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":24,"duplicates":25,"related":26,"reserved_at":9,"published_at":32,"modified_at":33,"state":9,"summary":34,"references_raw":36,"kevs":86,"epss":9,"epss_history":87,"metrics":88,"affected":89},"SUSE-SU-2026:1037-1","Security update for grafana\n\nThis update for grafana fixes the following issues:\n\n- Security issues fixed:\n\n  - CVE-2026-21722: Public dashboards annotations: use dashboard timerange if time selection disabled (bsc#1258136)\n  - CVE-2026-21721: Fixed access control by the dashboard permissions API (bsc#1257337)\n  - CVE-2026-21720: Fixed unauthenticated DoS (bsc#1257349)\n  - CVE-2025-68156: Fixed potential DoS via unbounded recursion in builtin functions (bsc#1255340)\n  - CVE-2025-3415: Fixed exposure of DingDing alerting integration URL to Viewer level users (bsc#1245302)\n\n- Version update from 11.5.10 to 11.6.11 with the following highlighted changes and fixes:\n \n  - Performance Boost: Introduced WebGL-powered geomaps for smoother map visualizations and\n    removed blurred backgrounds from UI overlays to speed up the interface.\n  - One-Click Actions: Visualizations now support faster navigation via one-click links and actions.\n  - Alerting History: Added version history for alert rules, allowing you to track changes over time.\n  - Service Accounts: Automated the migration of old API keys to more secure Service Accounts upon startup.\n  - Cron Support: Annotations now support Cron syntax for more flexible scheduling.\n  - Identity and Auth: Hardened the Avatar feature (now requires sign-in) and fixed several login redirection issues \n    when Grafana is hosted on a subpath.\n  - Data Source Support: Added support for Cloud Partner Prometheus data sources and improved Azure legend formatting.\n  - Alerting Limits: Added size limits for expanded notification templates to prevent system strain.\n  - RBAC: Integrated Role-Based Access Control (RBAC) into the Alertmanager via the reqAction field.\n  - Data Consistency: Fixed several issues with Graphite and InfluxDB regarding how variables are handled in repeated\n    rows or nested queries.\n  - Dashboard Reliability: Resolved bugs involving row repeats and 'self-referencing' data links.\n  - Alerting Fixes: Patched a critical 'panic' (crash) caused by a race condition in alert rules and fixed issues where\n    contact points weren't working correctly.\n  - URL Handling: Fixed a bug where 'true' values in URL parameters weren't being read correctly\n",null,[],[],[],[14,16,18,20,22],{"_key":15},"CVE-2025-3415",{"_key":17},"CVE-2025-68156",{"_key":19},"CVE-2026-21720",{"_key":21},"CVE-2026-21721",{"_key":23},"CVE-2026-21722",[],[],[27,28,29,30,31],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},"2026-03-25T10:31:04Z","2026-03-26T09:02:58.752679Z",{"cisa_kev":35,"cisa_ransomware":35,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[37,44,49,53,57,61,65,70,74,78,82],{"url":38,"sources":39,"tags":42},"https://www.suse.com/support/update/announcement/2026/suse-su-20261037-1/",[40,41],"osv_suse","osv_opensuse",[43],"Advisory",{"url":45,"sources":46,"tags":47},"https://bugzilla.suse.com/1245302",[40,41],[48],"REPORT",{"url":50,"sources":51,"tags":52},"https://bugzilla.suse.com/1255340",[40,41],[48],{"url":54,"sources":55,"tags":56},"https://bugzilla.suse.com/1257337",[40,41],[48],{"url":58,"sources":59,"tags":60},"https://bugzilla.suse.com/1257349",[40,41],[48],{"url":62,"sources":63,"tags":64},"https://bugzilla.suse.com/1258136",[40,41],[48],{"url":66,"sources":67,"tags":68},"https://www.suse.com/security/cve/CVE-2025-3415",[40,41],[69],"WEB",{"url":71,"sources":72,"tags":73},"https://www.suse.com/security/cve/CVE-2025-68156",[40,41],[69],{"url":75,"sources":76,"tags":77},"https://www.suse.com/security/cve/CVE-2026-21720",[40,41],[69],{"url":79,"sources":80,"tags":81},"https://www.suse.com/security/cve/CVE-2026-21721",[40,41],[69],{"url":83,"sources":84,"tags":85},"https://www.suse.com/security/cve/CVE-2026-21722",[40,41],[69],[],[],[],[90,103],{"ecosystem":91,"name":92,"vendor":93,"product":94,"cpe_part":9,"purl_type":95,"purl_namespace":93,"purl_name":94,"source":9,"versions":96},"openSUSE","grafana","opensuse","grafana&distro=openSUSE Leap 15.6","rpm",[97],{"version":98,"is_range":99,"range_type":100,"version_start":9,"version_start_type":9,"version_end":101,"version_end_type":102,"fixed_in":9},"lt11_6_11_150200_3_83_1",true,"ecosystem","11.6.11-150200.3.83.1","excluding",{"ecosystem":104,"name":92,"vendor":105,"product":106,"cpe_part":9,"purl_type":95,"purl_namespace":105,"purl_name":106,"source":9,"versions":107},"SUSE Linux Enterprise","suse","grafana&distro=SUSE Linux Enterprise Module for Package Hub 15 SP7",[108],{"version":98,"is_range":99,"range_type":100,"version_start":9,"version_start_type":9,"version_end":101,"version_end_type":102,"fixed_in":9}]