We only support our latest release with security updates.
Security: OneUptime/oneuptime
Security
SECURITY.md
-
Missing Authentication on Notification EndpointsGHSA-q253-6wcm-h8hp published
Mar 30, 2026 by simlarsenCritical -
Unauthenticated notification API endpoints: financial abuse via phone number purchase, service disruption, and SMTP credential exposureGHSA-6wc5-rhvj-cx7f published
Mar 30, 2026 by simlarsenCritical -
OneUptime SSO: Multi-Assertion Identity Injection via Decoupled Signature VerificationGHSA-5w5c-766x-265g published
Mar 31, 2026 by simlarsenHigh -
ClickHouse SQL Injection via unvalidated column identifiers in sort, select, and groupBy parametersGHSA-gcg3-c5p2-cqgg published
Mar 17, 2026 by simlarsenHigh -
Sandbox escape in Synthetic Monitor Playwright runtime allows project members to execute arbitrary commands on ProbeGHSA-cqpg-phpp-9jjg published
Mar 19, 2026 by simlarsenCritical -
WhatsApp Webhook Missing Signature VerificationGHSA-g5ph-f57v-mwjc published
Mar 17, 2026 by simlarsenHigh -
Password Reset Token Logged at INFO LevelGHSA-4524-cj9j-g4fj published
Mar 12, 2026 by simlarsenHigh -
Unauthenticated Workflow Execution via ManualAPIGHSA-6c3w-7xg4-4cf7 published
Apr 1, 2026 by simlarsenHigh -
RCE due to Node.js' vm module escape via error objects and infinite recursionGHSA-g9cp-35m2-fjv6 published
May 7, 2026 by simlarsenCritical -
Predictable Security Tokens Generated with UUID v1GHSA-f5j9-g76m-vvp9 published
Mar 12, 2026 by simlarsenModerate
Learn more about advisories related to OneUptime/oneuptime in the GitHub Advisory Database