CVEs affecting projects tracked on Release Alert, from NVD & OSV.
Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource.