OsVault/npm/@oneuptime/common
npm

@oneuptime/common

11 known vulnerabilities · 0 critical · 0 high

CVE-2026-30920

OneUptime has broken access control in GitHub App installation flow that allows unauthorized project binding

Published Mar 9, 2026
CVE-2026-30959

OneUptime has WhatsApp Resend Verification Authorization Bypass

Published Mar 10, 2026
CVE-2026-30921

OneUptime: Synthetic Monitor RCE via exposed Playwright browser object

Published Mar 7, 2026
CVE-2025-66028

OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation

Published Nov 25, 2025
CVE-2025-65966

OneUptime Unauthorized User Creation via API

Published Nov 26, 2025
CVE-2026-28787

OneUptime has WebAuthn 2FA bypass: server accepts client-supplied challenge instead of server-stored value, allowing credential replay

Published Mar 2, 2026
CVE-2026-27574

OneUptime:: node:vm sandbox escape in probe allows any project member to achieve RCE

Published Feb 24, 2026
CVE-2026-30887

OneUpTime's Unsandboxed Code Execution in Probe Allows Any Project Member to Achieve RCE

Published Mar 7, 2026
CVE-2026-27728

OneUptime: OS Command Injection in Probe NetworkPathMonitor via unsanitized destination in traceroute exec()

Published Feb 25, 2026
CVE-2026-30957

OneUptime has Synthetic Monitor RCE via exposed Playwright browser object

Published Mar 10, 2026
CVE-2026-30956

OneUptime has authorization bypass via client‑controlled is-multi-tenant-query header that leads to cross‑tenant data exposure and account takeover

Published Mar 10, 2026
Check your entire dependency tree at onceRun dependency scan →