CVEs affecting projects tracked on Release Alert, from NVD & OSV.
Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links.