pkg:npm/uptime-kuma

9 total CVEs: HIGH 2, MEDIUM 6

All known vulnerabilities

  • HIGH 8.8 CVE-2023-36821: Uptime Kuma vulnerable to authenticated remote code execution via malicious plugin installation
    from 0, < 1.22.1
  • HIGH 7.8 CVE-2023-44400: Uptime Kuma has Persistent User Sessions
    from 0, < 1.23.3
  • MEDIUM 6.8 CVE-2024-56331: uptime-kuma vulnerable to Local File Inclusion (LFI) via Improper URL Handling in `Real-Browser` monitor
    >= 1.23.0, < 1.23.16
  • MEDIUM 6.7 CVE-2023-49804: Password Change Vulnerability
    from 0, < 1.23.9
  • MEDIUM 6.5 CVE-2026-33130: Uptime Kuma Server-side Template Injection (SSTI) in Notification Templates Allows Arbitrary File Read
  • MEDIUM 6.5 CVE-2023-36822: Uptime Kuma's authenticated path traversal via plugin repository name may lead to unavailability or data loss
    from 0, < 1.22.1
  • MEDIUM 6.1 CVE-2023-49276: Attribute Injection leading to XSS (Cross-Site-Scripting)
    >= 1.20.0, < 1.23.7
  • MEDIUM 5.3 CVE-2026-32230: Uptime Kuma is Missing Authorization Checks on Ping Badge Endpoint, Leaks Ping times of monitors without needing to be on a status page
    >= 2.0.0, < 2.2.0
  • CVE-2025-26042: Uptime Kuma's Regular Expression in pushdeeer and whapi file Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
    >= 1.15.0, <= 1.23.16