From dfa15d7649035c390c82fc530ffa2c100d01f87d Mon Sep 17 00:00:00 2001
From: Daniel Vaz Gaspar <danielvazgaspar@gmail.com>
Date: Wed, 28 Feb 2024 14:44:46 +0000
Subject: [PATCH] docs: update CVEs for 3.0.4 and 3.1.1 (#27287)

---
 docs/docs/security/cves.mdx | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/docs/docs/security/cves.mdx b/docs/docs/security/cves.mdx
index eb60cad7d7078..dffe3a91bbfed 100644
--- a/docs/docs/security/cves.mdx
+++ b/docs/docs/security/cves.mdx
@@ -4,6 +4,16 @@ hide_title: true
 sidebar_position: 2
 ---
 
+#### Version 3.0.4, 3.1.1
+
+| CVE            | Title                                                                        |                    Affected |
+|:---------------|:-----------------------------------------------------------------------------|----------------------------:|
+| CVE-2024-27315 | Improper error handling on alerts                                            |  < 3.0.4, >= 3.1.0, < 3.1.1 |
+| CVE-2024-24773 | Improper validation of SQL statements allows for unauthorized access to data |  < 3.0.4, >= 3.1.0, < 3.1.1 |
+| CVE-2024-24772 | Improper Neutralisation of custom SQL on embedded context                    |  < 3.0.4, >= 3.1.0, < 3.1.1 |
+| CVE-2024-24779 | Improper data authorization when creating a new dataset                      |  < 3.0.4, >= 3.1.0, < 3.1.1 |
+| CVE-2024-26016 | Improper authorization validation on dashboards and charts import            |  < 3.0.4, >= 3.1.0, < 3.1.1 |
+
 #### Version 3.0.3
 
 | CVE            | Title                                         | Affected |