@oneuptime/common (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package @oneuptime/common, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (11)
CVE-2026-30957 — CVSS 9.9 (critical): OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, OneUptime Synthetic Monitors allow a low-privileged…
CVE-2026-30887 — CVSS 9.9 (critical): OneUptime is a solution for monitoring and managing online services. Prior to 10.0.18, OneUptime allows project members to run custom…
CVE-2026-30921 — CVSS 9.9 (critical): OneUptime is a solution for monitoring and managing online services. Prior to 10.0.20, OneUptime Synthetic Monitors allow low-privileged…
CVE-2026-30956 — CVSS 9.9 (critical): OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, a low‑privileged user can bypass authorization and…
CVE-2026-27574 — CVSS 9.9 (critical): OneUptime is a solution for monitoring and managing online services. In versions 9.5.13 and below, custom JavaScript monitor feature uses…
CVE-2026-27728 — CVSS 9.9 (critical): OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.7, an OS command injection vulnerability in…
CVE-2026-30920 — CVSS 8.6 (high): OneUptime is a solution for monitoring and managing online services. Prior to 10.0.19, OneUptime's GitHub App callback trusts…
CVE-2025-66028 — CVSS 8.2 (high): OneUptime is a solution for monitoring and managing online services. Prior to version 8.0.5567, OneUptime is vulnerable to privilege…
CVE-2026-28787 — CVSS 8.2 (high): OneUptime is a solution for monitoring and managing online services. In version 10.0.11 and prior, the WebAuthn authentication…
CVE-2025-65966 — CVSS 8.1 (high): OneUptime is a solution for monitoring and managing online services. In version 9.0.5598, a low-permission user can create new accounts…
CVE-2026-30959 — CVSS 5.0 (medium): OneUptime is a solution for monitoring and managing online services. The resend-verification-code endpoint allows any authenticated user to…