github.com/grafana/tempo
Go2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/grafana/tempopage 1 of 1
- CVE-2026-21728HIGHCVSS 7.5EG 7.5✓ Fixed in 2.10.22026-04-24
Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting max_result_limit in the search config, e.g. to 26…
- CVE-2026-28377HIGHCVSS 7.5EG 7.5✓ Fixed in 2.10.32026-03-26
A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Thanks to william_go…
Check whether github.com/grafana/tempo is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/grafana/tempo CVEs against the assets you own.
Start Free Scan →