Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/77931?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77931?format=api", "vulnerability_id": "VCID-gwgx-g4us-j7er", "summary": "OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the fix for CVE-2026-32306 (ClickHouse SQL injection via aggregate query parameters) added column name validation to the _aggregateBy method but did not apply the same validation to three other query construction paths in StatementGenerator. The toSortStatement, toSelectStatement, and toGroupByStatement methods accept user-controlled object keys from API request bodies and interpolate them as ClickHouse Identifier parameters without verifying they correspond to actual model columns. ClickHouse Identifier parameters are substituted directly into queries without escaping, so an attacker who can reach any analytics list or aggregate endpoint can inject arbitrary SQL through crafted sort, select, or groupBy keys. This issue has been patched in version 10.0.34.", "aliases": [ { "alias": "CVE-2026-33142" }, { "alias": "GHSA-gcg3-c5p2-cqgg" } ], "fixed_packages": [], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/965985?format=api", "purl": "pkg:npm/oneuptime@4.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/965986?format=api", "purl": "pkg:npm/oneuptime@4.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/965987?format=api", "purl": "pkg:npm/oneuptime@4.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/965988?format=api", "purl": "pkg:npm/oneuptime@4.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/965989?format=api", "purl": "pkg:npm/oneuptime@4.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/965990?format=api", "purl": "pkg:npm/oneuptime@4.0.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/965991?format=api", "purl": "pkg:npm/oneuptime@4.0.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/965992?format=api", "purl": "pkg:npm/oneuptime@4.0.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/965993?format=api", "purl": "pkg:npm/oneuptime@4.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/965994?format=api", "purl": "pkg:npm/oneuptime@4.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/965995?format=api", "purl": "pkg:npm/oneuptime@4.0.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/965996?format=api", "purl": "pkg:npm/oneuptime@4.0.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/965997?format=api", "purl": "pkg:npm/oneuptime@4.0.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/965998?format=api", "purl": "pkg:npm/oneuptime@4.0.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/965999?format=api", "purl": "pkg:npm/oneuptime@4.0.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/966000?format=api", "purl": "pkg:npm/oneuptime@4.0.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/966001?format=api", "purl": "pkg:npm/oneuptime@4.0.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/966002?format=api", "purl": "pkg:npm/oneuptime@4.0.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/966003?format=api", "purl": "pkg:npm/oneuptime@4.0.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/966004?format=api", "purl": "pkg:npm/oneuptime@4.0.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/966005?format=api", "purl": "pkg:npm/oneuptime@4.0.24", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.24" }, { "url": "http://public2.vulnerablecode.io/api/packages/966006?format=api", "purl": "pkg:npm/oneuptime@4.0.25", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.25" }, { "url": "http://public2.vulnerablecode.io/api/packages/966007?format=api", "purl": "pkg:npm/oneuptime@4.0.26", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.26" }, { "url": "http://public2.vulnerablecode.io/api/packages/966008?format=api", "purl": "pkg:npm/oneuptime@4.0.27", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.27" }, { "url": "http://public2.vulnerablecode.io/api/packages/966009?format=api", "purl": "pkg:npm/oneuptime@4.0.28", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.28" }, { "url": "http://public2.vulnerablecode.io/api/packages/966010?format=api", "purl": "pkg:npm/oneuptime@4.0.29", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.29" }, { "url": "http://public2.vulnerablecode.io/api/packages/966011?format=api", "purl": "pkg:npm/oneuptime@4.0.30", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.30" }, { "url": "http://public2.vulnerablecode.io/api/packages/966012?format=api", "purl": "pkg:npm/oneuptime@4.0.31", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.31" }, { "url": "http://public2.vulnerablecode.io/api/packages/966013?format=api", "purl": "pkg:npm/oneuptime@4.0.32", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/966014?format=api", "purl": "pkg:npm/oneuptime@4.0.33", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.33" }, { "url": "http://public2.vulnerablecode.io/api/packages/966015?format=api", "purl": "pkg:npm/oneuptime@4.0.34", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.34" }, { "url": "http://public2.vulnerablecode.io/api/packages/966016?format=api", "purl": "pkg:npm/oneuptime@4.0.35", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.35" }, { "url": "http://public2.vulnerablecode.io/api/packages/966017?format=api", "purl": "pkg:npm/oneuptime@4.0.36", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.36" }, { "url": "http://public2.vulnerablecode.io/api/packages/966018?format=api", "purl": "pkg:npm/oneuptime@4.0.37", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.37" }, { "url": "http://public2.vulnerablecode.io/api/packages/966019?format=api", "purl": "pkg:npm/oneuptime@4.0.38", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.38" }, { "url": "http://public2.vulnerablecode.io/api/packages/966020?format=api", "purl": "pkg:npm/oneuptime@4.0.39", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.39" }, { "url": "http://public2.vulnerablecode.io/api/packages/966021?format=api", "purl": "pkg:npm/oneuptime@4.0.40", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.40" }, { "url": "http://public2.vulnerablecode.io/api/packages/966022?format=api", "purl": "pkg:npm/oneuptime@4.0.41", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.41" }, { "url": "http://public2.vulnerablecode.io/api/packages/966023?format=api", "purl": "pkg:npm/oneuptime@4.0.42", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.42" }, { "url": "http://public2.vulnerablecode.io/api/packages/966024?format=api", "purl": "pkg:npm/oneuptime@4.0.43", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.43" }, { "url": "http://public2.vulnerablecode.io/api/packages/966025?format=api", "purl": "pkg:npm/oneuptime@4.0.44", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.44" }, { "url": "http://public2.vulnerablecode.io/api/packages/966026?format=api", "purl": "pkg:npm/oneuptime@4.0.45", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.45" }, { "url": "http://public2.vulnerablecode.io/api/packages/966027?format=api", "purl": "pkg:npm/oneuptime@4.0.46", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.46" }, { "url": "http://public2.vulnerablecode.io/api/packages/966028?format=api", "purl": "pkg:npm/oneuptime@4.0.47", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.47" }, { "url": "http://public2.vulnerablecode.io/api/packages/966029?format=api", "purl": "pkg:npm/oneuptime@4.0.48", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.48" }, { "url": "http://public2.vulnerablecode.io/api/packages/966030?format=api", "purl": "pkg:npm/oneuptime@4.0.49", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.49" }, { "url": "http://public2.vulnerablecode.io/api/packages/966031?format=api", "purl": "pkg:npm/oneuptime@4.0.50", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.50" }, { "url": "http://public2.vulnerablecode.io/api/packages/966032?format=api", "purl": "pkg:npm/oneuptime@4.0.51", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.51" }, { "url": "http://public2.vulnerablecode.io/api/packages/966033?format=api", "purl": "pkg:npm/oneuptime@4.0.52", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.52" }, { "url": "http://public2.vulnerablecode.io/api/packages/966034?format=api", "purl": "pkg:npm/oneuptime@4.0.53", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.53" }, { "url": "http://public2.vulnerablecode.io/api/packages/966035?format=api", "purl": "pkg:npm/oneuptime@4.0.54", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.54" }, { "url": "http://public2.vulnerablecode.io/api/packages/966036?format=api", "purl": "pkg:npm/oneuptime@4.0.55", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.55" }, { "url": "http://public2.vulnerablecode.io/api/packages/966037?format=api", "purl": "pkg:npm/oneuptime@4.0.56", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.56" }, { "url": "http://public2.vulnerablecode.io/api/packages/966038?format=api", "purl": "pkg:npm/oneuptime@4.0.57", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.57" }, { "url": "http://public2.vulnerablecode.io/api/packages/966039?format=api", "purl": "pkg:npm/oneuptime@4.0.58", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.58" }, { "url": "http://public2.vulnerablecode.io/api/packages/966040?format=api", "purl": "pkg:npm/oneuptime@4.0.59", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.59" }, { "url": "http://public2.vulnerablecode.io/api/packages/966041?format=api", "purl": "pkg:npm/oneuptime@4.0.60", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.60" }, { "url": "http://public2.vulnerablecode.io/api/packages/966042?format=api", "purl": "pkg:npm/oneuptime@4.0.61", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.61" }, { "url": "http://public2.vulnerablecode.io/api/packages/966043?format=api", "purl": "pkg:npm/oneuptime@4.0.62", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.62" }, { "url": "http://public2.vulnerablecode.io/api/packages/966044?format=api", "purl": "pkg:npm/oneuptime@4.0.63", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.63" }, { "url": "http://public2.vulnerablecode.io/api/packages/966045?format=api", "purl": "pkg:npm/oneuptime@4.0.64", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.64" }, { "url": "http://public2.vulnerablecode.io/api/packages/966046?format=api", "purl": "pkg:npm/oneuptime@4.0.65", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.65" }, { "url": "http://public2.vulnerablecode.io/api/packages/966047?format=api", "purl": "pkg:npm/oneuptime@4.0.66", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.66" }, { "url": "http://public2.vulnerablecode.io/api/packages/966048?format=api", "purl": "pkg:npm/oneuptime@4.0.67", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.67" }, { "url": "http://public2.vulnerablecode.io/api/packages/966049?format=api", "purl": "pkg:npm/oneuptime@4.0.68", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.68" }, { "url": "http://public2.vulnerablecode.io/api/packages/966050?format=api", "purl": "pkg:npm/oneuptime@4.0.69", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9d1k-7634-k3gc" }, { "vulnerability": "VCID-gwgx-g4us-j7er" }, { "vulnerability": "VCID-paar-mre8-fbgz" }, { "vulnerability": "VCID-ugpa-g28u-byce" }, { "vulnerability": "VCID-vzkv-wwxq-jqfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.69" } ], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33142", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02914", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02907", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02903", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02917", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33142" }, { "reference_url": "https://github.com/OneUptime/oneuptime", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/OneUptime/oneuptime" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33142", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33142" }, { "reference_url": "https://github.com/advisories/GHSA-gcg3-c5p2-cqgg", "reference_id": "GHSA-gcg3-c5p2-cqgg", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gcg3-c5p2-cqgg" }, { "reference_url": "https://github.com/OneUptime/oneuptime/security/advisories/GHSA-gcg3-c5p2-cqgg", "reference_id": "GHSA-gcg3-c5p2-cqgg", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:41:51Z/" } ], "url": "https://github.com/OneUptime/oneuptime/security/advisories/GHSA-gcg3-c5p2-cqgg" } ], "weaknesses": [ { "cwe_id": 89, "name": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "description": "The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "7.0 - 8.9", "exploitability": "0.5", "weighted_severity": "8.0", "risk_score": 4.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gwgx-g4us-j7er" }