hackerbay oneuptime

23 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-35053
< 10.0.42
OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Worker service's ManualAPI expose
9.8 CRITICAL
CVE-2026-34840
< 10.0.42
OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, OneUptime's SAML SSO implementation (
8.1 HIGH
CVE-2026-34759
< 10.0.42
OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, multiple notification API endpoints a
8.1 HIGH
CVE-2026-34758
< 10.0.40
OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, unauthenticated access to Notificatio
9.1 CRITICAL
CVE-2026-33396
< 10.0.35
OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.35, a low-privileged authenticated user (
9.9 CRITICAL
CVE-2026-33143
< 10.0.34
OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the WhatsApp POST webhook handler (
7.5 HIGH
CVE-2026-33142
< 10.0.34
OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the fix for CVE-2026-32306 (ClickHo
8.1 HIGH
CVE-2026-32598
< 10.0.24
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.24, the password reset flow logs the complete p
6.5 MEDIUM
CVE-2026-32308
< 10.0.23
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the Markdown viewer component renders Merma
7.6 HIGH
CVE-2026-32306
< 10.0.23
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the telemetry aggregation API accepts user-
9.9 CRITICAL
CVE-2026-30959
< 10.0.21
OneUptime is a solution for monitoring and managing online services. The resend-verification-code endpoint allows any authenticate
5.0 MEDIUM
CVE-2026-30958
< 10.0.21
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, an unauthenticated path traversal in the /w
7.2 HIGH
CVE-2026-30957
< 10.0.21
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, OneUptime Synthetic Monitors allow a low-pr
9.9 CRITICAL
CVE-2026-30956
< 10.0.21
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, a low‑privileged user can bypass authoriz
9.9 CRITICAL
CVE-2026-30921
< 10.0.20
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.20, OneUptime Synthetic Monitors allow low-priv
9.9 CRITICAL
CVE-2026-30920
< 10.0.19
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.19, OneUptime's GitHub App callback trusts atta
8.6 HIGH
CVE-2026-30887
< 10.0.18
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.18, OneUptime allows project members to run cus
9.9 CRITICAL
CVE-2026-28787
<= 10.0.11
OneUptime is a solution for monitoring and managing online services. In version 10.0.11 and prior, the WebAuthn authentication imp
8.2 HIGH
CVE-2026-27728
< 10.0.7
OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.7, an OS command injection vulnerabilit
9.9 CRITICAL
CVE-2026-27574
< 10.0.5
OneUptime is a solution for monitoring and managing online services. In versions 9.5.13 and below, custom JavaScript monitor featu
9.9 CRITICAL
CVE-2025-66028
< 8.0.5567
OneUptime is a solution for monitoring and managing online services. Prior to version 8.0.5567, OneUptime is vulnerable to privile
8.2 HIGH
CVE-2025-65966
all versions
OneUptime is a solution for monitoring and managing online services. In version 9.0.5598, a low-permission user can create new acc
8.1 HIGH
CVE-2024-29194
>= 7.0.1803 and < 7.0.1815
OneUptime is a solution for monitoring and managing online services. The vulnerability lies in the improper validation of client-s
8.3 HIGH
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin