InfluxDB - 7 CVEs (Page 1/1)

About “InfluxDB”

A curated feed of “InfluxDB”-related CVEs appears below. We currently track 7 CVEs for this tag (all time). In the last 365 days, 1 were published. Average CVSS is 7.9 (all time; 7.5 over 365d), and 71% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-306 - Missing Authentication for Critical Function.

In our taxonomy this topic maps to a MODERATE impact class. Databases, proxies, and web servers often need coordinated restarts and config checks. Patch only modules you deploy, verify TLS and authentication, and tune limits. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: influxdb

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

Cycle	Release	Latest	EOL
3.9	2026-04-02	3.9.3	-
3.8	2025-12-18	3.8.3	-
3.7	2025-11-19	3.7.0	2026-04-02 Expired
3.6	2025-10-30	3.6.0	2025-12-18 Expired
3.5	2025-09-29	3.5.0	2025-11-19 Expired
3.4	2025-08-26	3.4.2	2025-10-30 Expired
3.3	2025-07-29	3.3.0	2025-09-29 Expired
3.2	2025-06-25	3.2.1	2025-08-26 Expired
3.1	2025-05-28	3.1.0	2025-07-30 Expired
3.0	2025-04-14	3.0.3	2025-06-25 Expired
2	2020-11-09	2.9.1	-
1	2016-09-07	1.12.4	-

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS · RSS (expired) · ICS

Subscribe CVEs: RSS for “InfluxDB” · RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0

2026-02-06

High

CVE-2026-25751

FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrati…

CVSS: 7.5 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD

2024-11-21

Critical

CVE-2024-30896

InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with read access to the authorization resource of the default org…

CVSS: 9.1 CWE: CWE-922 - Insecure Storage of Sensitive Information View on NVD

2022-09-02

Critical

CVE-2022-36640

influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because…

CVSS: 9.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD

2020-11-19

Critical

CVE-2019-20933

InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).

CVSS: 9.8 CWE: CWE-287 - Improper Authentication View on NVD

2020-03-02

Medium

CVE-2018-17572

InfluxDB 0.9.5 has Reflected XSS in the Write Data module.

CVSS: 4.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2019-05-31

High

CVE-2019-10329

Jenkins InfluxDB Plugin 1.21 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

CVSS: 8.8 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD

2018-12-20

Medium

CVE-2018-1000816

Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting (XSS) vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD