CVEs affecting projects tracked on Release Alert, from NVD & OSV.
Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource.