7.5 HIGH
- CVSS version: 3.1
- Attack vector (AV):
- Attack complexity (AC):
- Privileges required (PR):
- User interaction (UI):
- Scope (S):
- Confidentiality impact (C):
- Integrity impact (I):
- Availability impact (A):
OpenFeature evaluation API reads input data with no bounds
The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes.
References
Affected products
- <v12.1.10
- <v12.3.6
- <v12.4.2
- <v12.2.8
Matching in nixpkgs
pkgs.grafana
Gorgeous metric viz, dashboards & editors for Graphite, InfluxDB & OpenTSDB
pkgs.grafanactl
Tool designed to simplify interaction with Grafana instances
pkgs.mcp-grafana
MCP server for Grafana
pkgs.grafana-loki
Like Prometheus, but for logs
pkgs.grafana-alloy
Open source OpenTelemetry Collector distribution with built-in Prometheus pipelines and support for metrics, logs, traces, and profiles
pkgs.grafana-kiosk
Kiosk Utility for Grafana
pkgs.garmin-grafana
Export Garmin data to InfluxDB
pkgs.grafana-to-ntfy
Grafana-to-ntfy (ntfy.sh) alerts channel
-
nixos-unstable 0-unstable-2025-01-25
- nixpkgs-unstable 0-unstable-2025-01-25
- nixos-unstable-small 0-unstable-2025-01-25
-
nixos-25.11 0-unstable-2025-01-25
- nixos-25.11-small 0-unstable-2025-01-25
- nixpkgs-25.11-darwin 0-unstable-2025-01-25
pkgs.grafana-dash-n-grab
Grafana Dash-n-Grab (gdg) -- backup and restore Grafana dashboards, datasources, and other entities
pkgs.grafana-image-renderer
Grafana backend plugin that handles rendering of panels & dashboards to PNGs using headless browser (Chromium/Chrome)
pkgs.dhallPackages.dhall-grafana
None
-
nixos-unstable 49a3ee4801cf64f479e3f0bad839a5dd8e5b4932
- nixpkgs-unstable 49a3ee4801cf64f479e3f0bad839a5dd8e5b4932
- nixos-unstable-small 49a3ee4801cf64f479e3f0bad839a5dd8e5b4932
-
nixos-25.11 49a3ee4801cf64f479e3f0bad839a5dd8e5b4932
- nixos-25.11-small 49a3ee4801cf64f479e3f0bad839a5dd8e5b4932
- nixpkgs-25.11-darwin 49a3ee4801cf64f479e3f0bad839a5dd8e5b4932
pkgs.terraform-providers.grafana
None
pkgs.python312Packages.grafanalib
Library for building Grafana dashboards
pkgs.python313Packages.grafanalib
Library for building Grafana dashboards
pkgs.python314Packages.grafanalib
Library for building Grafana dashboards
pkgs.haskellPackages.amazonka-grafana
Amazon Managed Grafana SDK
-
nixos-unstable 2.0-unstable-2025-04-16
- nixpkgs-unstable 2.0-unstable-2025-04-16
- nixos-unstable-small 2.0-unstable-2025-04-16
-
nixos-25.11 2.0-unstable-2025-04-16
- nixos-25.11-small 2.0-unstable-2025-04-16
- nixpkgs-25.11-darwin 2.0-unstable-2025-04-16
pkgs.grafanaPlugins.grafana-oncall-app
Developer-friendly incident response for Grafana
pkgs.grafanaPlugins.grafana-clock-panel
Clock panel for Grafana
pkgs.terraform-providers.grafana_grafana
None
pkgs.grafanaPlugins.grafana-pyroscope-app
Integrate seamlessly with Pyroscope, the open-source continuous profiling platform, providing a smooth, query-less experience for browsing and analyzing profiling data
pkgs.python312Packages.mypy-boto3-grafana
Type annotations for boto3 grafana
-
nixos-25.11 boto3-grafana-1.41.0
- nixos-25.11-small boto3-grafana-1.41.0
- nixpkgs-25.11-darwin boto3-grafana-1.41.0
pkgs.python313Packages.mypy-boto3-grafana
Type annotations for boto3 grafana
-
nixos-unstable boto3-grafana-1.42.51
- nixpkgs-unstable boto3-grafana-1.42.51
- nixos-unstable-small boto3-grafana-1.42.51
-
nixos-25.11 boto3-grafana-1.41.0
- nixos-25.11-small boto3-grafana-1.41.0
- nixpkgs-25.11-darwin boto3-grafana-1.41.0
pkgs.python314Packages.mypy-boto3-grafana
Type annotations for boto3 grafana
-
nixos-unstable boto3-grafana-1.42.51
- nixpkgs-unstable boto3-grafana-1.42.51
- nixos-unstable-small boto3-grafana-1.42.51
pkgs.grafanaPlugins.grafana-piechart-panel
Pie chart panel for Grafana
pkgs.grafanaPlugins.grafana-polystat-panel
Hexagonal multi-stat panel for Grafana
pkgs.grafanaPlugins.grafana-worldmap-panel
World Map panel for Grafana
pkgs.grafanaPlugins.grafana-lokiexplore-app
Browse Loki logs without the need for writing complex queries
pkgs.grafanaPlugins.grafana-mqtt-datasource
Visualize streaming MQTT data from within Grafana
-
nixos-unstable 1.1.0-beta.3
- nixpkgs-unstable 1.1.0-beta.3
- nixos-unstable-small 1.1.0-beta.3
-
nixos-25.11 1.1.0-beta.3
- nixos-25.11-small 1.1.0-beta.3
- nixpkgs-25.11-darwin 1.1.0-beta.3
pkgs.grafanaPlugins.grafana-exploretraces-app
Opinionated traces app
pkgs.grafanaPlugins.grafana-github-datasource
Allows GitHub API data to be visually represented in Grafana dashboards
pkgs.grafanaPlugins.grafana-sentry-datasource
Integrate Sentry data into Grafana
pkgs.grafanaPlugins.grafana-discourse-datasource
Allows users to search and view topics, posts, users, tags, categories, and reports on a given Discourse forum through Grafana
pkgs.grafanaPlugins.grafana-metricsdrilldown-app
Queryless experience for browsing Prometheus-compatible metrics. Quickly find related metrics without writing PromQL queries
pkgs.python312Packages.types-aiobotocore-grafana
Type annotations for aiobotocore grafana
pkgs.python313Packages.types-aiobotocore-grafana
Type annotations for aiobotocore grafana
pkgs.grafanaPlugins.grafana-clickhouse-datasource
Connects Grafana to ClickHouse
pkgs.grafanaPlugins.grafana-opensearch-datasource
Empowers you to seamlessly integrate JSON data into Grafana
Package maintainers
-
@Frostman Sergei Lukianov <me@slukjanov.name>
-
@globin Robin Gloster <mail@glob.in>
-
@fpletz Franz Pletz <fpletz@fnordicwalking.de>
-
@offlinehacker Jaka Hudoklin <jaka@x-truder.net>
-
@Ma27 Maximilian Bosch <maximilian@mbosch.me>
-
@WilliButz Willi Butz <willibutz@posteo.de>
-
@ryan4yin Ryan Yin <xiaoyin_c@qq.com>
-
@hbjydev Hayden Young <hayden@kuraudo.io>
-
@azahi Azat Bahawi <azat@bahawi.net>
-
@flokli Florian Klink <flokli@flokli.de>
-
@cdepillabout Dennis Gosnell <cdep.illabout@gmail.com>
-
@wraithm Matthew Wraith <wraithm@gmail.com>
-
@marcusramberg Marcus Ramberg <marcus@means.no>
-
@mmahut Marek Mahut <marek.mahut@gmail.com>
-
@emilylange Emily Lange <nix@emilylange.de>
-
@Kranzes Ilan Joselevich <personal@ilanjoselevich.com>
-
@michaelgrahamevans Michael Evans <michaelgrahamevans@gmail.com>
-
@mbalatsko Maksym Balatsko <mbalatsko@gmail.com>
-
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
-
@aciceri Andrea Ciceri <andrea.ciceri@autistici.org>
-
@majiru Jacob Moody <moody@posixcafe.org>
-
@lukegb Luke Granger-Brown <nix@lukegb.com>
-
@nagisa Simonas Kazlauskas <nixpkgs@kazlauskas.me>
-
@loispostula Loïs Postula <lois@postu.la>
-
@MarcelCoding Marcel <me@m4rc3l.de>
-
@arianvp Arian van Putten <arian.vanputten@gmail.com>
-
@wcarlsen Willi Carlsen <carlsenwilli@gmail.com>
-
@pilz0 Pilz <nix@pilz.foo>