@oneuptime/common vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-30959Medium@oneuptime/common: OneUptime has WhatsApp Resend Verification Authorization BypassCVE-2026-30957Critical@oneuptime/common: OneUptime has Synthetic Monitor RCE via exposed Playwright browser objectCVE-2026-30956Critical@oneuptime/common: OneUptime has authorization bypass via client‑controlled is-multi-tenant-query header that leads to…CVE-2026-30920High@oneuptime/common: OneUptime has broken access control in GitHub App installation flow that allows unauthorized…CVE-2026-30921Critical@oneuptime/common: OneUptime: Synthetic Monitor RCE via exposed Playwright browser objectCVE-2026-30887Critical@oneuptime/common: OneUpTime's Unsandboxed Code Execution in Probe Allows Any Project Member to Achieve RCECVE-2026-28787High@oneuptime/common: OneUptime has WebAuthn 2FA bypass: server accepts client-supplied challenge instead of…CVE-2026-27728Critical@oneuptime/common: OneUptime: OS Command Injection in Probe NetworkPathMonitor via unsanitized destination in…CVE-2026-27574Critical@oneuptime/common: OneUptime:: node:vm sandbox escape in probe allows any project member to achieve RCECVE-2025-65966High@oneuptime/common: OneUptime Unauthorized User Creation via APICVE-2025-66028Medium@oneuptime/common: OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation

Stop the waste.
Protect your environment with Kodem.