CVEs affecting projects tracked on Release Alert, from NVD & OSV.
Grafana version < 6.7.3 is vulnerable for annotation popup XSS.