Nixpkgs Security Tracker

Untriaged

Permalink CVE-2026-27877

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 2 days, 5 hours ago

Public dashboards discloses all direct mode datasources

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve your deployments' security.

References

https://grafana.com/security/security-advisories/cve-2026-27877 vendor-advisory
https://grafana.com/security/security-advisories/cve-2026-27877 broken-link

Affected products

Grafana

<v12.3.6
<v12.2.8
<v12.4.2
<v12.1.10
<v11.6.14

Matching in nixpkgs

pkgs.grafana

Gorgeous metric viz, dashboards & editors for Graphite, InfluxDB & OpenTSDB

nixos-unstable 12.4.1
- nixpkgs-unstable 12.4.1
- nixos-unstable-small 12.4.1
nixos-25.11 12.3.5
- nixos-25.11-small 12.3.5
- nixpkgs-25.11-darwin 12.3.5

pkgs.grafanactl

Tool designed to simplify interaction with Grafana instances

nixos-unstable 0.1.9
- nixpkgs-unstable 0.1.9
- nixos-unstable-small 0.1.9
nixos-25.11 0.1.7
- nixos-25.11-small 0.1.7
- nixpkgs-25.11-darwin 0.1.7

pkgs.mcp-grafana

MCP server for Grafana

nixos-unstable 0.11.3
- nixpkgs-unstable 0.11.3
- nixos-unstable-small 0.11.3
nixos-25.11 0.7.9
- nixos-25.11-small 0.7.9
- nixpkgs-25.11-darwin 0.7.9

pkgs.grafana-loki

Like Prometheus, but for logs

nixos-unstable 3.6.7
- nixpkgs-unstable 3.6.7
- nixos-unstable-small 3.6.8
nixos-25.11 3.6.3
- nixos-25.11-small 3.6.3
- nixpkgs-25.11-darwin 3.6.3

pkgs.grafana-alloy

Open source OpenTelemetry Collector distribution with built-in Prometheus pipelines and support for metrics, logs, traces, and profiles

nixos-unstable 1.14.1
- nixpkgs-unstable 1.14.1
- nixos-unstable-small 1.14.1
nixos-25.11 1.12.2
- nixos-25.11-small 1.12.2
- nixpkgs-25.11-darwin 1.12.2

pkgs.grafana-kiosk

Kiosk Utility for Grafana

nixos-unstable 1.0.10
- nixpkgs-unstable 1.0.10
- nixos-unstable-small 1.0.10
nixos-25.11 1.0.10
- nixos-25.11-small 1.0.10
- nixpkgs-25.11-darwin 1.0.10

pkgs.garmin-grafana

Export Garmin data to InfluxDB

nixos-unstable 0.3.0
- nixpkgs-unstable 0.3.0
- nixos-unstable-small 0.3.0

pkgs.grafana-to-ntfy

Grafana-to-ntfy (ntfy.sh) alerts channel

nixos-unstable 0-unstable-2025-01-25
- nixpkgs-unstable 0-unstable-2025-01-25
- nixos-unstable-small 0-unstable-2025-01-25
nixos-25.11 0-unstable-2025-01-25
- nixos-25.11-small 0-unstable-2025-01-25
- nixpkgs-25.11-darwin 0-unstable-2025-01-25

pkgs.grafana-dash-n-grab

Grafana Dash-n-Grab (gdg) -- backup and restore Grafana dashboards, datasources, and other entities

nixos-unstable 0.9.2
- nixpkgs-unstable 0.9.2
- nixos-unstable-small 0.9.2
nixos-25.11 0.8.1
- nixos-25.11-small 0.8.1
- nixpkgs-25.11-darwin 0.8.1

pkgs.grafana-image-renderer

Grafana backend plugin that handles rendering of panels & dashboards to PNGs using headless browser (Chromium/Chrome)

nixos-unstable 5.7.2
- nixpkgs-unstable 5.7.2
- nixos-unstable-small 5.7.2
nixos-25.11 5.0.11
- nixos-25.11-small 5.0.11
- nixpkgs-25.11-darwin 5.0.11

pkgs.dhallPackages.dhall-grafana

None

nixos-unstable 49a3ee4801cf64f479e3f0bad839a5dd8e5b4932
- nixpkgs-unstable 49a3ee4801cf64f479e3f0bad839a5dd8e5b4932
- nixos-unstable-small 49a3ee4801cf64f479e3f0bad839a5dd8e5b4932
nixos-25.11 49a3ee4801cf64f479e3f0bad839a5dd8e5b4932
- nixos-25.11-small 49a3ee4801cf64f479e3f0bad839a5dd8e5b4932
- nixpkgs-25.11-darwin 49a3ee4801cf64f479e3f0bad839a5dd8e5b4932

pkgs.terraform-providers.grafana

None

nixos-unstable 4.28.1
- nixpkgs-unstable 4.28.1
- nixos-unstable-small 4.28.1
nixos-25.11 4.17.0
- nixos-25.11-small 4.17.0
- nixpkgs-25.11-darwin 4.17.0

pkgs.python312Packages.grafanalib

Library for building Grafana dashboards

nixos-25.11 0.7.1
- nixos-25.11-small 0.7.1
- nixpkgs-25.11-darwin 0.7.1

pkgs.python313Packages.grafanalib

Library for building Grafana dashboards

nixos-unstable 0.7.1
- nixpkgs-unstable 0.7.1
- nixos-unstable-small 0.7.1
nixos-25.11 0.7.1
- nixos-25.11-small 0.7.1
- nixpkgs-25.11-darwin 0.7.1

pkgs.python314Packages.grafanalib

Library for building Grafana dashboards

nixos-unstable 0.7.1
- nixpkgs-unstable 0.7.1
- nixos-unstable-small 0.7.1

pkgs.haskellPackages.amazonka-grafana

Amazon Managed Grafana SDK

nixos-unstable 2.0-unstable-2025-04-16
- nixpkgs-unstable 2.0-unstable-2025-04-16
- nixos-unstable-small 2.0-unstable-2025-04-16
nixos-25.11 2.0-unstable-2025-04-16
- nixos-25.11-small 2.0-unstable-2025-04-16
- nixpkgs-25.11-darwin 2.0-unstable-2025-04-16

pkgs.grafanaPlugins.grafana-oncall-app

Developer-friendly incident response for Grafana

nixos-unstable 1.16.11
- nixpkgs-unstable 1.16.11
- nixos-unstable-small 1.16.11
nixos-25.11 1.16.6
- nixos-25.11-small 1.16.6
- nixpkgs-25.11-darwin 1.16.6

pkgs.grafanaPlugins.grafana-clock-panel

Clock panel for Grafana

nixos-unstable 2.1.9
- nixpkgs-unstable 2.1.9
- nixos-unstable-small 2.1.9
nixos-25.11 2.1.9
- nixos-25.11-small 2.1.9
- nixpkgs-25.11-darwin 2.1.9

pkgs.terraform-providers.grafana_grafana

None

nixos-unstable 4.28.1
- nixpkgs-unstable 4.28.1
- nixos-unstable-small 4.28.1
nixos-25.11 4.17.0
- nixos-25.11-small 4.17.0
- nixpkgs-25.11-darwin 4.17.0

pkgs.grafanaPlugins.grafana-pyroscope-app

Integrate seamlessly with Pyroscope, the open-source continuous profiling platform, providing a smooth, query-less experience for browsing and analyzing profiling data

nixos-unstable 1.17.0
- nixpkgs-unstable 1.17.0
- nixos-unstable-small 1.17.0
nixos-25.11 1.11.0
- nixos-25.11-small 1.11.0
- nixpkgs-25.11-darwin 1.11.0

pkgs.python312Packages.mypy-boto3-grafana

Type annotations for boto3 grafana

nixos-25.11 boto3-grafana-1.41.0
- nixos-25.11-small boto3-grafana-1.41.0
- nixpkgs-25.11-darwin boto3-grafana-1.41.0

pkgs.python313Packages.mypy-boto3-grafana

Type annotations for boto3 grafana

nixos-unstable boto3-grafana-1.42.51
- nixpkgs-unstable boto3-grafana-1.42.51
- nixos-unstable-small boto3-grafana-1.42.51
nixos-25.11 boto3-grafana-1.41.0
- nixos-25.11-small boto3-grafana-1.41.0
- nixpkgs-25.11-darwin boto3-grafana-1.41.0

pkgs.python314Packages.mypy-boto3-grafana

Type annotations for boto3 grafana

nixos-unstable boto3-grafana-1.42.51
- nixpkgs-unstable boto3-grafana-1.42.51
- nixos-unstable-small boto3-grafana-1.42.51

pkgs.grafanaPlugins.grafana-piechart-panel

Pie chart panel for Grafana

nixos-unstable 1.6.4
- nixpkgs-unstable 1.6.4
- nixos-unstable-small 1.6.4
nixos-25.11 1.6.4
- nixos-25.11-small 1.6.4
- nixpkgs-25.11-darwin 1.6.4

pkgs.grafanaPlugins.grafana-polystat-panel

Hexagonal multi-stat panel for Grafana

nixos-unstable 2.1.16
- nixpkgs-unstable 2.1.16
- nixos-unstable-small 2.1.16
nixos-25.11 2.1.15
- nixos-25.11-small 2.1.15
- nixpkgs-25.11-darwin 2.1.15

pkgs.grafanaPlugins.grafana-worldmap-panel

World Map panel for Grafana

nixos-unstable 1.0.6
- nixpkgs-unstable 1.0.6
- nixos-unstable-small 1.0.6
nixos-25.11 1.0.6
- nixos-25.11-small 1.0.6
- nixpkgs-25.11-darwin 1.0.6

pkgs.grafanaPlugins.grafana-lokiexplore-app

Browse Loki logs without the need for writing complex queries

nixos-unstable 1.0.41
- nixpkgs-unstable 1.0.41
- nixos-unstable-small 2.0.0
nixos-25.11 1.0.31
- nixos-25.11-small 1.0.31
- nixpkgs-25.11-darwin 1.0.31

pkgs.grafanaPlugins.grafana-mqtt-datasource

Visualize streaming MQTT data from within Grafana

nixos-unstable 1.1.0-beta.3
- nixpkgs-unstable 1.1.0-beta.3
- nixos-unstable-small 1.1.0-beta.3
nixos-25.11 1.1.0-beta.3
- nixos-25.11-small 1.1.0-beta.3
- nixpkgs-25.11-darwin 1.1.0-beta.3

pkgs.grafanaPlugins.grafana-exploretraces-app

Opinionated traces app

nixos-unstable 2.0.0
- nixpkgs-unstable 1.3.3
- nixos-unstable-small 2.0.0
nixos-25.11 1.2.0
- nixos-25.11-small 1.2.0
- nixpkgs-25.11-darwin 1.2.0

pkgs.grafanaPlugins.grafana-github-datasource

Allows GitHub API data to be visually represented in Grafana dashboards

nixos-unstable 1.9.2
- nixpkgs-unstable 1.9.2
- nixos-unstable-small 1.9.2
nixos-25.11 1.9.2
- nixos-25.11-small 1.9.2
- nixpkgs-25.11-darwin 1.9.2

pkgs.grafanaPlugins.grafana-sentry-datasource

Integrate Sentry data into Grafana

nixos-unstable 2.2.1
- nixpkgs-unstable 2.2.1
- nixos-unstable-small 2.2.1
nixos-25.11 2.2.1
- nixos-25.11-small 2.2.1
- nixpkgs-25.11-darwin 2.2.1

pkgs.grafanaPlugins.grafana-discourse-datasource

Allows users to search and view topics, posts, users, tags, categories, and reports on a given Discourse forum through Grafana

nixos-unstable 2.0.2
- nixpkgs-unstable 2.0.2
- nixos-unstable-small 2.0.2
nixos-25.11 2.0.2
- nixos-25.11-small 2.0.2
- nixpkgs-25.11-darwin 2.0.2

pkgs.grafanaPlugins.grafana-metricsdrilldown-app

Queryless experience for browsing Prometheus-compatible metrics. Quickly find related metrics without writing PromQL queries

nixos-unstable 2.0.0
- nixpkgs-unstable 1.0.34
- nixos-unstable-small 2.0.0
nixos-25.11 1.0.22
- nixos-25.11-small 1.0.22
- nixpkgs-25.11-darwin 1.0.22

pkgs.python312Packages.types-aiobotocore-grafana

Type annotations for aiobotocore grafana

nixos-25.11 2.25.2
- nixos-25.11-small 2.25.2
- nixpkgs-25.11-darwin 2.25.2

pkgs.python313Packages.types-aiobotocore-grafana

Type annotations for aiobotocore grafana

nixos-unstable 3.2.1
- nixpkgs-unstable 3.2.1
- nixos-unstable-small 3.2.1
nixos-25.11 2.25.2
- nixos-25.11-small 2.25.2
- nixpkgs-25.11-darwin 2.25.2

pkgs.grafanaPlugins.grafana-clickhouse-datasource

Connects Grafana to ClickHouse

nixos-unstable 4.8.2
- nixpkgs-unstable 4.8.2
- nixos-unstable-small 4.8.2
nixos-25.11 4.8.2
- nixos-25.11-small 4.8.2
- nixpkgs-25.11-darwin 4.8.2

pkgs.grafanaPlugins.grafana-opensearch-datasource

Empowers you to seamlessly integrate JSON data into Grafana

nixos-unstable 2.24.0
- nixpkgs-unstable 2.24.0
- nixos-unstable-small 2.24.0
nixos-25.11 2.24.0
- nixos-25.11-small 2.24.0
- nixpkgs-25.11-darwin 2.24.0

pkgs.grafanaPlugins.grafana-googlesheets-datasource

Integrate JSON data into Grafana

nixos-unstable 1.2.14
- nixpkgs-unstable 1.2.14
- nixos-unstable-small 1.2.14
nixos-25.11 1.2.14
- nixos-25.11-small 1.2.14
- nixpkgs-25.11-darwin 1.2.14

Package maintainers

@Frostman Sergei Lukianov <me@slukjanov.name>
@globin Robin Gloster <mail@glob.in>
@fpletz Franz Pletz <fpletz@fnordicwalking.de>
@offlinehacker Jaka Hudoklin <jaka@x-truder.net>
@Ma27 Maximilian Bosch <maximilian@mbosch.me>
@WilliButz Willi Butz <willibutz@posteo.de>
@ryan4yin Ryan Yin <xiaoyin_c@qq.com>
@hbjydev Hayden Young <hayden@kuraudo.io>
@azahi Azat Bahawi <azat@bahawi.net>
@flokli Florian Klink <flokli@flokli.de>
@cdepillabout Dennis Gosnell <cdep.illabout@gmail.com>
@wraithm Matthew Wraith <wraithm@gmail.com>
@marcusramberg Marcus Ramberg <marcus@means.no>
@mmahut Marek Mahut <marek.mahut@gmail.com>
@emilylange Emily Lange <nix@emilylange.de>
@Kranzes Ilan Joselevich <personal@ilanjoselevich.com>
@michaelgrahamevans Michael Evans <michaelgrahamevans@gmail.com>
@mbalatsko Maksym Balatsko <mbalatsko@gmail.com>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@aciceri Andrea Ciceri <andrea.ciceri@autistici.org>
@majiru Jacob Moody <moody@posixcafe.org>
@lukegb Luke Granger-Brown <nix@lukegb.com>
@nagisa Simonas Kazlauskas <nixpkgs@kazlauskas.me>
@loispostula Loïs Postula <lois@postu.la>
@MarcelCoding Marcel <me@m4rc3l.de>
@arianvp Arian van Putten <arian.vanputten@gmail.com>
@wcarlsen Willi Carlsen <carlsenwilli@gmail.com>
@pilz0 Pilz <nix@pilz.foo>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.grafana

pkgs.grafanactl

pkgs.mcp-grafana

pkgs.grafana-loki

pkgs.grafana-alloy

pkgs.grafana-kiosk

pkgs.garmin-grafana

pkgs.grafana-to-ntfy

pkgs.grafana-dash-n-grab

pkgs.grafana-image-renderer

pkgs.dhallPackages.dhall-grafana

pkgs.terraform-providers.grafana

pkgs.python312Packages.grafanalib

pkgs.python313Packages.grafanalib

pkgs.python314Packages.grafanalib

pkgs.haskellPackages.amazonka-grafana

pkgs.grafanaPlugins.grafana-oncall-app

pkgs.grafanaPlugins.grafana-clock-panel

pkgs.terraform-providers.grafana_grafana

pkgs.grafanaPlugins.grafana-pyroscope-app

pkgs.python312Packages.mypy-boto3-grafana

pkgs.python313Packages.mypy-boto3-grafana

pkgs.python314Packages.mypy-boto3-grafana

pkgs.grafanaPlugins.grafana-piechart-panel

pkgs.grafanaPlugins.grafana-polystat-panel

pkgs.grafanaPlugins.grafana-worldmap-panel

pkgs.grafanaPlugins.grafana-lokiexplore-app

pkgs.grafanaPlugins.grafana-mqtt-datasource

pkgs.grafanaPlugins.grafana-exploretraces-app

pkgs.grafanaPlugins.grafana-github-datasource

pkgs.grafanaPlugins.grafana-sentry-datasource

pkgs.grafanaPlugins.grafana-discourse-datasource

pkgs.grafanaPlugins.grafana-metricsdrilldown-app

pkgs.python312Packages.types-aiobotocore-grafana

pkgs.python313Packages.types-aiobotocore-grafana

pkgs.grafanaPlugins.grafana-clickhouse-datasource

pkgs.grafanaPlugins.grafana-opensearch-datasource

pkgs.grafanaPlugins.grafana-googlesheets-datasource

Package maintainers