We only support our latest release with security updates.
Security: OneUptime/oneuptime
Security
SECURITY.md
- Password Reset Token Logged at INFO Level (GHSA-4524-cj9j-g4fj), published Mar 12, 2026 by simlarsen. Severity: High
- Predictable Security Tokens Generated with UUID v1 (GHSA-f5j9-g76m-vvp9), published Mar 12, 2026 by simlarsen. Severity: Moderate
- Stored XSS via Mermaid Diagram Rendering (securityLevel: "loose") (GHSA-wvh5-6vjm-23qh), published Mar 12, 2026 by simlarsen. Severity: High
- ClickHouse SQL Injection via Aggregate Query Parameters (GHSA-p5g2-jm85-8g35), published Mar 12, 2026 by simlarsen. Severity: Critical
- Authorization bypass via client-controlled is-multi-tenant-query header leads to cross-tenant data exposure and account takeover (GHSA-r5v6-2599-9g3m), published Mar 8, 2026 by simlarsen. Severity: Critical
- Synthetic Monitor RCE via exposed Playwright browser object #2 (GHSA-jw8q-gjvg-8w4q), published Mar 8, 2026 by simlarsen. Severity: Critical
- Path Traversal — Arbitrary File Read (No Auth) (GHSA-p2wh-9pw8-hvff), published Mar 8, 2026 by simlarsen. Severity: High
- WhatsApp Resend Verification Authorization Bypass (GHSA-cw6x-mw64-q6pv), published Mar 8, 2026 by simlarsen. Severity: Moderate
- Synthetic Monitor RCE via exposed Playwright browser object (GHSA-4j36-39gm-8vq8), published Mar 6, 2026 by simlarsen. Severity: Critical
- Broken access control in GitHub App installation flow allows unauthorized project binding (GHSA-656w-6f6c-m9r6), published Mar 6, 2026 by simlarsen. Severity: High
Learn more about advisories related to OneUptime/oneuptime in the GitHub Advisory Database