oneuptime
17 known vulnerabilities · 0 critical · 1 high
OneUptime ClickHouse SQL Injection via Aggregate Query Parameters
OneUptime: Stored XSS via Mermaid Diagram Rendering (securityLevel: "loose")
OneUptime ClickHouse vulnerable to SQL Injection via unvalidated column identifiers in sort, select, and groupBy parameters
OneUptime has broken access control in GitHub App installation flow that allows unauthorized project binding
OneUptime Vulnerable to a Privilege Escalation via Local Storage Key Manipulation
OneUptime: Synthetic Monitor RCE via exposed Playwright browser object
OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation
OneUptime has WebAuthn 2FA bypass: server accepts client-supplied challenge instead of server-stored value, allowing credential replay
OneUptime: node:vm sandbox escape in probe allows any project member to achieve RCE
OneUptime's Unsandboxed Code Execution in Probe Allows Any Project Member to Achieve RCE
OneUptime: OS Command Injection in Probe NetworkPathMonitor via unsanitized destination in traceroute exec()
OneUptime has Synthetic Monitor RCE via exposed Playwright browser object
OneUptime has authorization bypass via client-controlled is-multi-tenant-query header that leads to cross-tenant data exposure and account takeover