uptime-kuma vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-32230Mediumuptime-kuma: Uptime Kuma is Missing Authorization Checks on Ping Badge Endpoint, Leaks Ping times of monitors without needing to be on a status pageGHSA-VFFH-C9PQ-4CRHMediumuptime-kuma: Uptime Kuma Server-side Template Injection (SSTI) in Notification Templates Allows Arbitrary File ReadCVE-2025-26042Mediumuptime-kuma: Uptime Kuma's Regular Expression in pushdeeer and whapi file Leads to ReDoS Vulnerability Due to Catastrophic BacktrackingCVE-2024-56331Mediumuptime-kuma: uptime-kuma vulnerable to Local File Inclusion (LFI) via Improper URL Handling in `Real-Browser` monitorCVE-2023-36821Highuptime-kuma: Uptime Kuma vulnerable to authenticated remote code execution via malicious plugin installationCVE-2023-36822Mediumuptime-kuma: Uptime Kuma's authenticated path traversal via plugin repository name may lead to unavailability or data lossGHSA-23Q2-5GF8-GJPPLowuptime-kuma: Enabling Authentication does not close all logged in socket connections immediately CVE-2023-49804Mediumuptime-kuma: Password Change VulnerabilityGHSA-HFXH-RJV7-2369Mediumuptime-kuma: Uptime Kuma Authenticated remote code execution via TailscalePingCVE-2023-49276Mediumuptime-kuma: Attribute Injection leading to XSS(Cross-Site-Scripting)CVE-2023-44400Highuptime-kuma: Uptime Kuma has Persistentent User Sessions

Stop the waste.
Protect your environment with Kodem.