pkg:Go/github.com/prometheus/prometheus
6 total CVEs: HIGH 2, MEDIUM 4
All known vulnerabilities
HIGH 7.5 CVE-2026-42154 Prometheus: remote read endpoint allows denial of service via crafted snappy payload
from 0, < 0.311.3
HIGH 7.5 CVE-2026-42151 Prometheus Azure AD remote write OAuth client secret exposed via config API
>= 0.45.2, < 0.311.3
MEDIUM 6.1 CVE-2026-44903 Prometheus: Stored XSS via crafted histogram bucket label values in the heatmap display of the old Prometheus web UI
from 0, < 0.311.3
MEDIUM 6.1 Prometheus: Stored XSS via metric names and label values in web UI tooltips and metrics explorer
>= 3.0.0, <= 3.5.1
MEDIUM 6.1 Arbitrary redirects under /new endpoint
>= 2.23.0, < 2.26.1
MEDIUM 5.4 Withdrawn Advisory: Prometheus XSS Vulnerability
from 0, < 2.7.1