Uptime.kuma Uptime Kuma — known CVE vulnerabilities
Every CVE whose affected-product data names Uptime.kuma Uptime Kuma, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2023-44400 — CVSS 6.7 (medium): Uptime Kuma is a self-hosted monitoring tool. Prior to version 1.23.3, attackers with access to a user's device can gain persistent account…
CVE-2023-49804 — CVSS 6.7 (medium): Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, when a user changes their login password in Uptime…
CVE-2026-33130 — CVSS 6.5 (medium): Uptime Kuma is an open source, self-hosted monitoring tool. In versions 1.23.0 through 2.2.0, the fix from GHSA-vffh-c9pq-4crh doesn't…
CVE-2023-49276 — CVSS 6.3 (medium): Uptime Kuma is an open source self-hosted monitoring tool. In affected versions the Google Analytics element in vulnerable to Attribute…
CVE-2023-49805 — CVSS 6.0 (medium): Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, the application uses WebSocket (with Socket.io), but it…
CVE-2026-32230 — CVSS 5.3 (medium): Uptime Kuma is an open source, self-hosted monitoring tool. From 2.0.0 to 2.1.3 , the GET /api/badge/:id/ping/:duration? endpoint in…