Nixpkgs security tracker
6.5 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): Low (L)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): None (N)
- Availability (A): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): Low (L)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): None (N)
by @mweinelt Activity log
- Created suggestion
-
@mweinelt
ignored
37 packages
- python312Packages.grafanalib
- terraform-providers.grafana
- python313Packages.grafanalib
- python314Packages.grafanalib
- haskellPackages.amazonka-grafana
- grafanaPlugins.grafana-oncall-app
- grafanaPlugins.grafana-clock-panel
- terraform-providers.grafana_grafana
- grafanaPlugins.grafana-pyroscope-app
- python312Packages.mypy-boto3-grafana
- python313Packages.mypy-boto3-grafana
- python314Packages.mypy-boto3-grafana
- grafanaPlugins.grafana-piechart-panel
- grafanaPlugins.grafana-polystat-panel
- grafanaPlugins.grafana-worldmap-panel
- grafanaPlugins.grafana-lokiexplore-app
- grafanaPlugins.grafana-mqtt-datasource
- grafanaPlugins.grafana-exploretraces-app
- grafanaPlugins.grafana-github-datasource
- grafanaPlugins.grafana-sentry-datasource
- grafanaPlugins.grafana-discourse-datasource
- grafanaPlugins.grafana-metricsdrilldown-app
- python312Packages.types-aiobotocore-grafana
- python313Packages.types-aiobotocore-grafana
- grafanaPlugins.grafana-clickhouse-datasource
- grafanaPlugins.grafana-opensearch-datasource
- grafanaPlugins.grafana-googlesheets-datasource
- grafanactl
- mcp-grafana
- grafana-loki
- grafana-alloy
- grafana-kiosk
- garmin-grafana
- grafana-to-ntfy
- grafana-dash-n-grab
- grafana-image-renderer
- dhallPackages.dhall-grafana
- @mweinelt accepted
- @mweinelt published on GitHub
Public dashboards discloses all direct mode datasources
When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve your deployments' security.
References
Affected products
- <v11.6.14
- <v12.3.6
- <v12.4.2
- <v12.2.8
- <v12.1.10
Matching in nixpkgs
Ignored packages (37)
pkgs.grafanactl
Tool designed to simplify interaction with Grafana instances
pkgs.mcp-grafana
MCP server for Grafana
pkgs.grafana-loki
Like Prometheus, but for logs
pkgs.grafana-alloy
Open source OpenTelemetry Collector distribution with built-in Prometheus pipelines and support for metrics, logs, traces, and profiles
pkgs.grafana-kiosk
Kiosk Utility for Grafana
pkgs.garmin-grafana
Export Garmin data to InfluxDB
pkgs.grafana-to-ntfy
Grafana-to-ntfy (ntfy.sh) alerts channel
-
nixos-unstable 0-unstable-2025-01-25
- nixpkgs-unstable 0-unstable-2025-01-25
- nixos-unstable-small 0-unstable-2025-01-25
-
nixos-25.11 0-unstable-2025-01-25
- nixos-25.11-small 0-unstable-2025-01-25
- nixpkgs-25.11-darwin 0-unstable-2025-01-25
pkgs.grafana-dash-n-grab
Grafana Dash-n-Grab (gdg) -- backup and restore Grafana dashboards, datasources, and other entities
pkgs.grafana-image-renderer
Grafana backend plugin that handles rendering of panels & dashboards to PNGs using headless browser (Chromium/Chrome)
pkgs.dhallPackages.dhall-grafana
None
-
nixos-unstable 49a3ee4801cf64f479e3f0bad839a5dd8e5b4932
- nixpkgs-unstable 49a3ee4801cf64f479e3f0bad839a5dd8e5b4932
- nixos-unstable-small 49a3ee4801cf64f479e3f0bad839a5dd8e5b4932
-
nixos-25.11 49a3ee4801cf64f479e3f0bad839a5dd8e5b4932
- nixos-25.11-small 49a3ee4801cf64f479e3f0bad839a5dd8e5b4932
- nixpkgs-25.11-darwin 49a3ee4801cf64f479e3f0bad839a5dd8e5b4932
pkgs.terraform-providers.grafana
None
pkgs.python312Packages.grafanalib
Library for building Grafana dashboards
pkgs.python313Packages.grafanalib
Library for building Grafana dashboards
pkgs.python314Packages.grafanalib
Library for building Grafana dashboards
pkgs.haskellPackages.amazonka-grafana
Amazon Managed Grafana SDK
-
nixos-unstable 2.0-unstable-2025-04-16
- nixpkgs-unstable 2.0-unstable-2025-04-16
- nixos-unstable-small 2.0-unstable-2025-04-16
-
nixos-25.11 2.0-unstable-2025-04-16
- nixos-25.11-small 2.0-unstable-2025-04-16
- nixpkgs-25.11-darwin 2.0-unstable-2025-04-16
pkgs.grafanaPlugins.grafana-oncall-app
Developer-friendly incident response for Grafana
pkgs.grafanaPlugins.grafana-clock-panel
Clock panel for Grafana
pkgs.terraform-providers.grafana_grafana
None
pkgs.grafanaPlugins.grafana-pyroscope-app
Integrate seamlessly with Pyroscope, the open-source continuous profiling platform, providing a smooth, query-less experience for browsing and analyzing profiling data
pkgs.python312Packages.mypy-boto3-grafana
Type annotations for boto3 grafana
-
nixos-25.11 boto3-grafana-1.41.0
- nixos-25.11-small boto3-grafana-1.41.0
- nixpkgs-25.11-darwin boto3-grafana-1.41.0
pkgs.python313Packages.mypy-boto3-grafana
Type annotations for boto3 grafana
-
nixos-unstable boto3-grafana-1.42.51
- nixpkgs-unstable boto3-grafana-1.42.51
- nixos-unstable-small boto3-grafana-1.42.51
-
nixos-25.11 boto3-grafana-1.41.0
- nixos-25.11-small boto3-grafana-1.41.0
- nixpkgs-25.11-darwin boto3-grafana-1.41.0
pkgs.python314Packages.mypy-boto3-grafana
Type annotations for boto3 grafana
-
nixos-unstable boto3-grafana-1.42.51
- nixpkgs-unstable boto3-grafana-1.42.51
- nixos-unstable-small boto3-grafana-1.42.51
pkgs.grafanaPlugins.grafana-piechart-panel
Pie chart panel for Grafana
pkgs.grafanaPlugins.grafana-polystat-panel
Hexagonal multi-stat panel for Grafana
pkgs.grafanaPlugins.grafana-worldmap-panel
World Map panel for Grafana
pkgs.grafanaPlugins.grafana-lokiexplore-app
Browse Loki logs without the need for writing complex queries
pkgs.grafanaPlugins.grafana-mqtt-datasource
Visualize streaming MQTT data from within Grafana
-
nixos-unstable 1.1.0-beta.3
- nixpkgs-unstable 1.1.0-beta.3
- nixos-unstable-small 1.1.0-beta.3
-
nixos-25.11 1.1.0-beta.3
- nixos-25.11-small 1.1.0-beta.3
- nixpkgs-25.11-darwin 1.1.0-beta.3
pkgs.grafanaPlugins.grafana-exploretraces-app
Opinionated traces app
pkgs.grafanaPlugins.grafana-github-datasource
Allows GitHub API data to be visually represented in Grafana dashboards
pkgs.grafanaPlugins.grafana-sentry-datasource
Integrate Sentry data into Grafana
pkgs.grafanaPlugins.grafana-discourse-datasource
Allows users to search and view topics, posts, users, tags, categories, and reports on a given Discourse forum through Grafana
pkgs.grafanaPlugins.grafana-metricsdrilldown-app
Queryless experience for browsing Prometheus-compatible metrics. Quickly find related metrics without writing PromQL queries
pkgs.python312Packages.types-aiobotocore-grafana
Type annotations for aiobotocore grafana
pkgs.python313Packages.types-aiobotocore-grafana
Type annotations for aiobotocore grafana
pkgs.grafanaPlugins.grafana-clickhouse-datasource
Connects Grafana to ClickHouse
pkgs.grafanaPlugins.grafana-opensearch-datasource
Empowers you to seamlessly integrate JSON data into Grafana
Package maintainers
-
@Frostman Sergei Lukianov <me@slukjanov.name>
-
@globin Robin Gloster <mail@glob.in>
-
@fpletz Franz Pletz <fpletz@fnordicwalking.de>
-
@offlinehacker Jaka Hudoklin <jaka@x-truder.net>
-
@Ma27 Maximilian Bosch <maximilian@mbosch.me>
-
@WilliButz Willi Butz <willibutz@posteo.de>
-
@ryan4yin Ryan Yin <xiaoyin_c@qq.com>