{"url":"http://public2.vulnerablecode.io/api/packages/74567?format=json","purl":"pkg:npm/%40oneuptime/common@10.0.19","type":"npm","namespace":"@oneuptime","name":"common","version":"10.0.19","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"10.0.21","latest_non_vulnerable_version":"10.0.21","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50796?format=json","vulnerability_id":"VCID-4f5g-8zv2-cuad","summary":"OneUptime has Synthetic Monitor RCE via exposed Playwright browser object\nOneUptime Synthetic Monitors allow a low-privileged authenticated project user to execute arbitrary commands on the `oneuptime-probe` server/container.\n\nThe root cause is that untrusted Synthetic Monitor code is executed inside Node's `vm` while live host-realm Playwright `browser` and `page` objects are exposed to it. A malicious user can call Playwright APIs on the injected `browser` object and cause the probe to spawn an attacker-controlled executable.\n\nThis is a server-side remote code execution issue. It does not require a separate `vm` sandbox escape.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30957","reference_id":"","reference_type":"","scores":[{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29377","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29364","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29397","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29431","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29467","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30957"},{"reference_url":"https://github.com/OneUptime/oneuptime","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OneUptime/oneuptime"},{"reference_url":"https://github.com/OneUptime/oneuptime/releases/tag/10.0.21","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-10T18:21:28Z/"}],"url":"https://github.com/OneUptime/oneuptime/releases/tag/10.0.21"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30957","reference_id":"CVE-2026-30957","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30957"},{"reference_url":"https://github.com/advisories/GHSA-jw8q-gjvg-8w4q","reference_id":"GHSA-jw8q-gjvg-8w4q","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jw8q-gjvg-8w4q"},{"reference_url":"https://github.com/OneUptime/oneuptime/security/advisories/GHSA-jw8q-gjvg-8w4q","reference_id":"GHSA-jw8q-gjvg-8w4q","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-10T18:21:28Z/"}],"url":"https://github.com/OneUptime/oneuptime/security/advisories/GHSA-jw8q-gjvg-8w4q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74599?format=json","purl":"pkg:npm/%40oneuptime/common@10.0.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540oneuptime/common@10.0.21"}],"aliases":["CVE-2026-30957","GHSA-jw8q-gjvg-8w4q"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4f5g-8zv2-cuad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50807?format=json","vulnerability_id":"VCID-5t7q-dx18-dbft","summary":"OneUptime has authorization bypass via client‑controlled is-multi-tenant-query header that leads to cross‑tenant data exposure and account takeover\nA low‑privileged user can bypass authorization and tenant isolation in OneUptime `v10.0.20` by sending a forged `is-multi-tenant-query` header together with a controlled `projectid` header.\n\nBecause the server trusts this client-supplied header, internal permission checks in `BasePermission` are skipped and tenant scoping is disabled.\n\nThis allows attackers to:\n\n1. Access project data belonging to other tenants\n2. Read sensitive User fields via nested relations\n3. Leak plaintext resetPasswordToken\n4. Reset the victim’s password and fully take over the account\n\nThis results in cross‑tenant data exposure and full account takeover.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30956","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06552","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06549","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06592","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06602","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30956"},{"reference_url":"https://github.com/OneUptime/oneuptime","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OneUptime/oneuptime"},{"reference_url":"https://github.com/OneUptime/oneuptime/releases/tag/10.0.21","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-10T18:25:16Z/"}],"url":"https://github.com/OneUptime/oneuptime/releases/tag/10.0.21"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30956","reference_id":"CVE-2026-30956","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30956"},{"reference_url":"https://github.com/advisories/GHSA-r5v6-2599-9g3m","reference_id":"GHSA-r5v6-2599-9g3m","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r5v6-2599-9g3m"},{"reference_url":"https://github.com/OneUptime/oneuptime/security/advisories/GHSA-r5v6-2599-9g3m","reference_id":"GHSA-r5v6-2599-9g3m","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-10T18:25:16Z/"}],"url":"https://github.com/OneUptime/oneuptime/security/advisories/GHSA-r5v6-2599-9g3m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74599?format=json","purl":"pkg:npm/%40oneuptime/common@10.0.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540oneuptime/common@10.0.21"}],"aliases":["CVE-2026-30956","GHSA-r5v6-2599-9g3m"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5t7q-dx18-dbft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50792?format=json","vulnerability_id":"VCID-7xqz-2mrp-23at","summary":"OneUptime has WhatsApp Resend Verification Authorization Bypass\nThe resend-verification-code endpoint allows any authenticated user to trigger a verification code resend for any `UserWhatsApp` record by ID. Ownership is not validated (unlike the verify endpoint).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30959","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05575","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05576","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05536","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05577","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0559","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30959"},{"reference_url":"https://github.com/OneUptime/oneuptime","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OneUptime/oneuptime"},{"reference_url":"https://github.com/OneUptime/oneuptime/releases/tag/10.0.21","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T17:59:00Z/"}],"url":"https://github.com/OneUptime/oneuptime/releases/tag/10.0.21"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30959","reference_id":"CVE-2026-30959","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30959"},{"reference_url":"https://github.com/advisories/GHSA-cw6x-mw64-q6pv","reference_id":"GHSA-cw6x-mw64-q6pv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cw6x-mw64-q6pv"},{"reference_url":"https://github.com/OneUptime/oneuptime/security/advisories/GHSA-cw6x-mw64-q6pv","reference_id":"GHSA-cw6x-mw64-q6pv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T17:59:00Z/"}],"url":"https://github.com/OneUptime/oneuptime/security/advisories/GHSA-cw6x-mw64-q6pv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74599?format=json","purl":"pkg:npm/%40oneuptime/common@10.0.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540oneuptime/common@10.0.21"}],"aliases":["CVE-2026-30959","GHSA-cw6x-mw64-q6pv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7xqz-2mrp-23at"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50754?format=json","vulnerability_id":"VCID-eqqc-d3be-j7bt","summary":"OneUptime: Synthetic Monitor RCE via exposed Playwright browser object\nSummary\n\nOneUptime Synthetic Monitors allow low-privileged project users to submit custom Playwright code that is executed on the `oneuptime-probe` service. In the current implementation, this untrusted code is run inside Node's `vm` and is given live host Playwright objects such as `browser` and `page`.\n\nThis creates a distinct server-side RCE primitive: the attacker does not need the classic `this.constructor.constructor(...)` sandbox escape. Instead, the attacker can directly use the injected Playwright `browser` object to reach `browser.browserType().launch(...)` and spawn an arbitrary executable on the probe host/container.\n\nThis appears to be a separate issue from the previously published `node:vm(GHSA-h343-gg57-2q67)` breakout advisory because the root cause here is exposure of a dangerous host capability object to untrusted code, not prototype-chain access to `process`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30921","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06483","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06481","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06522","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06533","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06535","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30921"},{"reference_url":"https://github.com/OneUptime/oneuptime","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OneUptime/oneuptime"},{"reference_url":"https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/App/FeatureSet/Dashboard/src/Components/Form/Monitor/MonitorStep.tsx#L861-L918","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/App/FeatureSet/Dashboard/src/Components/Form/Monitor/MonitorStep.tsx#L861-L918"},{"reference_url":"https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/App/FeatureSet/Dashboard/src/Components/Form/Monitor/MonitorTest.tsx#L66-L84","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/App/FeatureSet/Dashboard/src/Components/Form/Monitor/MonitorTest.tsx#L66-L84"},{"reference_url":"https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/Common/Models/DatabaseModels/MonitorTest.ts#L27-L60","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/Common/Models/DatabaseModels/MonitorTest.ts#L27-L60"},{"reference_url":"https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/Common/Models/DatabaseModels/Monitor.ts#L45-L78","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/Common/Models/DatabaseModels/Monitor.ts#L45-L78"},{"reference_url":"https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/Common/Server/Utils/VM/VMRunner.ts#L323-L405","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/Common/Server/Utils/VM/VMRunner.ts#L323-L405"},{"reference_url":"https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/Probe/Jobs/Monitor/FetchList.ts#L110-L121","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/Probe/Jobs/Monitor/FetchList.ts#L110-L121"},{"reference_url":"https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/Probe/Jobs/Monitor/FetchMonitorTest.ts#L55-L85","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/Probe/Jobs/Monitor/FetchMonitorTest.ts#L55-L85"},{"reference_url":"https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/Probe/Utils/Monitors/Monitor.ts#L323-L338","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/Probe/Utils/Monitors/Monitor.ts#L323-L338"},{"reference_url":"https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/Probe/Utils/Monitors/MonitorTypes/SyntheticMonitor.ts#L156-L168","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OneUptime/oneuptime/blob/8e90f451426b160718bdd1796b68c5ec15318101/Probe/Utils/Monitors/MonitorTypes/SyntheticMonitor.ts#L156-L168"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30921","reference_id":"CVE-2026-30921","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30921"},{"reference_url":"https://github.com/advisories/GHSA-4j36-39gm-8vq8","reference_id":"GHSA-4j36-39gm-8vq8","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4j36-39gm-8vq8"},{"reference_url":"https://github.com/OneUptime/oneuptime/security/advisories/GHSA-4j36-39gm-8vq8","reference_id":"GHSA-4j36-39gm-8vq8","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-10T14:13:48Z/"}],"url":"https://github.com/OneUptime/oneuptime/security/advisories/GHSA-4j36-39gm-8vq8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74546?format=json","purl":"pkg:npm/%40oneuptime/common@10.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f5g-8zv2-cuad"},{"vulnerability":"VCID-5t7q-dx18-dbft"},{"vulnerability":"VCID-7xqz-2mrp-23at"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540oneuptime/common@10.0.20"}],"aliases":["CVE-2026-30921","GHSA-4j36-39gm-8vq8"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eqqc-d3be-j7bt"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50772?format=json","vulnerability_id":"VCID-9wgt-hq4j-63hj","summary":"OneUptime has broken access control in GitHub App installation flow that allows unauthorized project binding\nOneUptime's GitHub App callback trusts attacker-controlled `state` and `installation_id` values and updates `Project.gitHubAppInstallationId` with `isRoot: true` without validating that the caller is authorized for the target project. This allows an attacker to overwrite another project's GitHub App installation binding.\n\nRelated GitHub endpoints also lack effective authorization, so a valid installation ID can be used to enumerate repositories and create `CodeRepository` records in an arbitrary project.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30920","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01536","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01525","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01527","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01534","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01526","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30920"},{"reference_url":"https://github.com/OneUptime/oneuptime","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OneUptime/oneuptime"},{"reference_url":"https://github.com/OneUptime/oneuptime/blob/master/Common/Server/API/GitHubAPI.ts#L127-L165","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OneUptime/oneuptime/blob/master/Common/Server/API/GitHubAPI.ts#L127-L165"},{"reference_url":"https://github.com/OneUptime/oneuptime/blob/master/Common/Server/API/GitHubAPI.ts#L179-L258","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OneUptime/oneuptime/blob/master/Common/Server/API/GitHubAPI.ts#L179-L258"},{"reference_url":"https://github.com/OneUptime/oneuptime/blob/master/Common/Server/API/GitHubAPI.ts#L260-L356","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OneUptime/oneuptime/blob/master/Common/Server/API/GitHubAPI.ts#L260-L356"},{"reference_url":"https://github.com/OneUptime/oneuptime/blob/master/Common/Server/API/GitHubAPI.ts#L34-L112","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OneUptime/oneuptime/blob/master/Common/Server/API/GitHubAPI.ts#L34-L112"},{"reference_url":"https://github.com/OneUptime/oneuptime/blob/master/Common/Server/API/GitHubAPI.ts#L73-L79","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OneUptime/oneuptime/blob/master/Common/Server/API/GitHubAPI.ts#L73-L79"},{"reference_url":"https://github.com/OneUptime/oneuptime/blob/master/Common/Server/Middleware/UserAuthorization.ts#L205-L211","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OneUptime/oneuptime/blob/master/Common/Server/Middleware/UserAuthorization.ts#L205-L211"},{"reference_url":"https://github.com/OneUptime/oneuptime/blob/master/Common/Server/Utils/CodeRepository/GitHub/GitHub.ts#L347-L425","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OneUptime/oneuptime/blob/master/Common/Server/Utils/CodeRepository/GitHub/GitHub.ts#L347-L425"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30920","reference_id":"CVE-2026-30920","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30920"},{"reference_url":"https://github.com/advisories/GHSA-656w-6f6c-m9r6","reference_id":"GHSA-656w-6f6c-m9r6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-656w-6f6c-m9r6"},{"reference_url":"https://github.com/OneUptime/oneuptime/security/advisories/GHSA-656w-6f6c-m9r6","reference_id":"GHSA-656w-6f6c-m9r6","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T14:14:27Z/"}],"url":"https://github.com/OneUptime/oneuptime/security/advisories/GHSA-656w-6f6c-m9r6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74567?format=json","purl":"pkg:npm/%40oneuptime/common@10.0.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f5g-8zv2-cuad"},{"vulnerability":"VCID-5t7q-dx18-dbft"},{"vulnerability":"VCID-7xqz-2mrp-23at"},{"vulnerability":"VCID-eqqc-d3be-j7bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540oneuptime/common@10.0.19"}],"aliases":["CVE-2026-30920","GHSA-656w-6f6c-m9r6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9wgt-hq4j-63hj"}],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540oneuptime/common@10.0.19"}