Vulnerabilities > Prometheus
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-25 | CVE-2023-40577 | Cross-site Scripting vulnerability in multiple products Alertmanager handles alerts sent by client applications such as the Prometheus server. | 5.4 |
| 2023-04-26 | CVE-2023-26735 | Server-Side Request Forgery (SSRF) vulnerability in Prometheus Blackbox Exporter 0.23.0 blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. | 7.5 |
| 2022-11-29 | CVE-2022-46146 | Incorrect Implementation of Authentication Algorithm vulnerability in Prometheus Exporter Toolkit Prometheus Exporter Toolkit is a utility package to build exporters. | 8.8 |
| 2022-02-15 | CVE-2022-21698 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. | 7.5 |
| 2021-05-19 | CVE-2021-29622 | Open Redirect vulnerability in Prometheus Prometheus is an open-source monitoring system and time series database. | 5.8 |
| 2020-08-09 | CVE-2020-16248 | Server-Side Request Forgery (SSRF) vulnerability in Prometheus Blackbox Exporter Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. | 5.8 |
| 2019-03-26 | CVE-2019-3826 | Cross-site Scripting vulnerability in multiple products A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. | 6.1 |