npm/oneuptime — 5 CVEs

CRITICAL9.9CVE-2026-32306OneUptime ClickHouse SQL Injection via Aggregate Query Parameters

from 0, < 10.0.23

HIGH8.1CVE-2026-33142OneUptime ClickHouse vulnerable to SQL Injection via unvalidated column identifiers in sort, select, and groupBy parameters

from 0, < 10.0.34

HIGH7.6CVE-2026-32308OneUptime: Stored XSS via Mermaid Diagram Rendering (securityLevel: "loose")

from 0, < 10.0.23

—OneUptime WhatsApp Webhook Missing Signature Verification

from 0, < 10.0.34

—OneUptime: Password Reset Token Logged at INFO Level

from 0, < 10.0.23

pkg:npm/oneuptime