VYPR
Vendor

Prometheus

Products
1
CVEs
6
Across products
6
Status
Private

Products

1

Recent CVEs

6
  • CVE-2026-42154HigMay 4, 2026
    risk 0.42cvss 7.5epss 0.01

    Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint (/api/v1/read) does not validate the declared decoded length in a snappy-compressed request body before allocating memory. An unauthenticated…

  • CVE-2026-42151HigMay 4, 2026
    risk 0.42cvss 7.5epss 0.00

    Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the client_secret field in the Azure AD remote write OAuth configuration (storage/remote/azuread) was typed as string instead of Secret. Prometheus redacts fields of type…

  • CVE-2026-44903MedMay 26, 2026
    risk 0.33cvss 6.1epss 0.00

    Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI (enabled via the command-line flag --enable-feature=old-ui), the histogram heatmap chart view does not escape le label values…

  • CVE-2026-40179MedApr 15, 2026
    risk 0.33cvss 6.1epss 0.00

    Prometheus is an open-source monitoring system and time series database. Versions 3.0 through 3.5.1 and 3.6.0 through 3.11.1 have stored cross-site scripting vulnerabilities in multiple components of the Prometheus web UI where metric names and label values are injected into…

  • CVE-2021-29622May 19, 2021
    risk 0.07cvss epss 0.20

    Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URL's prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft an…

  • CVE-2020-16248Aug 9, 2020
    risk 0.00cvss epss 0.03

    Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability