{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77445?format=json","vulnerability_id":"VCID-paar-mre8-fbgz","summary":"OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the telemetry aggregation API accepts user-controlled aggregationType, aggregateColumnName, and aggregationTimestampColumnName parameters and interpolates them directly into ClickHouse SQL queries via the .append() method (documented as \"trusted SQL\"). There is no allowlist, no parameterized query binding, and no input validation. An authenticated user can inject arbitrary SQL into ClickHouse, enabling full database read (including telemetry data from all tenants), data modification, and potential remote code execution via ClickHouse table functions. This vulnerability is fixed in 10.0.23.","aliases":[{"alias":"CVE-2026-32306"},{"alias":"GHSA-p5g2-jm85-8g35"}],"fixed_packages":[],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/965985?format=json","purl":"pkg:npm/oneuptime@4.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/965986?format=json","purl":"pkg:npm/oneuptime@4.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/965987?format=json","purl":"pkg:npm/oneuptime@4.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/965988?format=json","purl":"pkg:npm/oneuptime@4.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/965989?format=json","purl":"pkg:npm/oneuptime@4.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.8"},{"url":"http://public2.vulnerablecode.io/api/packages/965990?format=json","purl":"pkg:npm/oneuptime@4.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/965991?format=json","purl":"pkg:npm/oneuptime@4.0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/965992?format=json","purl":"pkg:npm/oneuptime@4.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.11"},{"url":"http://public2.vulnerablecode.io/api/packages/965993?format=json","purl":"pkg:npm/oneuptime@4.0.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/965994?format=json","purl":"pkg:npm/oneuptime@4.0.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.13"},{"url":"http://public2.vulnerablecode.io/api/packages/965995?format=json","purl":"pkg:npm/oneuptime@4.0.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/965996?format=json","purl":"pkg:npm/oneuptime@4.0.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.15"},{"url":"http://public2.vulnerablecode.io/api/packages/965997?format=json","purl":"pkg:npm/oneuptime@4.0.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.16"},{"url":"http://public2.vulnerablecode.io/api/packages/965998?format=json","purl":"pkg:npm/oneuptime@4.0.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.17"},{"url":"http://public2.vulnerablecode.io/api/packages/965999?format=json","purl":"pkg:npm/oneuptime@4.0.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.18"},{"url":"http://public2.vulnerablecode.io/api/packages/966000?format=json","purl":"pkg:npm/oneuptime@4.0.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.19"},{"url":"http://public2.vulnerablecode.io/api/packages/966001?format=json","purl":"pkg:npm/oneuptime@4.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.20"},{"url":"http://public2.vulnerablecode.io/api/packages/966002?format=json","purl":"pkg:npm/oneuptime@4.0.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.21"},{"url":"http://public2.vulnerablecode.io/api/packages/966003?format=json","purl":"pkg:npm/oneuptime@4.0.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.22"},{"url":"http://public2.vulnerablecode.io/api/packages/966004?format=json","purl":"pkg:npm/oneuptime@4.0.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.23"},{"url":"http://public2.vulnerablecode.io/api/packages/966005?format=json","purl":"pkg:npm/oneuptime@4.0.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.24"},{"url":"http://public2.vulnerablecode.io/api/packages/966006?format=json","purl":"pkg:npm/oneuptime@4.0.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.25"},{"url":"http://public2.vulnerablecode.io/api/packages/966007?format=json","purl":"pkg:npm/oneuptime@4.0.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.26"},{"url":"http://public2.vulnerablecode.io/api/packages/966008?format=json","purl":"pkg:npm/oneuptime@4.0.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.27"},{"url":"http://public2.vulnerablecode.io/api/packages/966009?format=json","purl":"pkg:npm/oneuptime@4.0.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.28"},{"url":"http://public2.vulnerablecode.io/api/packages/966010?format=json","purl":"pkg:npm/oneuptime@4.0.29","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.29"},{"url":"http://public2.vulnerablecode.io/api/packages/966011?format=json","purl":"pkg:npm/oneuptime@4.0.30","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.30"},{"url":"http://public2.vulnerablecode.io/api/packages/966012?format=json","purl":"pkg:npm/oneuptime@4.0.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.31"},{"url":"http://public2.vulnerablecode.io/api/packages/966013?format=json","purl":"pkg:npm/oneuptime@4.0.32","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.32"},{"url":"http://public2.vulnerablecode.io/api/packages/966014?format=json","purl":"pkg:npm/oneuptime@4.0.33","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.33"},{"url":"http://public2.vulnerablecode.io/api/packages/966015?format=json","purl":"pkg:npm/oneuptime@4.0.34","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.34"},{"url":"http://public2.vulnerablecode.io/api/packages/966016?format=json","purl":"pkg:npm/oneuptime@4.0.35","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.35"},{"url":"http://public2.vulnerablecode.io/api/packages/966017?format=json","purl":"pkg:npm/oneuptime@4.0.36","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.36"},{"url":"http://public2.vulnerablecode.io/api/packages/966018?format=json","purl":"pkg:npm/oneuptime@4.0.37","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.37"},{"url":"http://public2.vulnerablecode.io/api/packages/966019?format=json","purl":"pkg:npm/oneuptime@4.0.38","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.38"},{"url":"http://public2.vulnerablecode.io/api/packages/966020?format=json","purl":"pkg:npm/oneuptime@4.0.39","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.39"},{"url":"http://public2.vulnerablecode.io/api/packages/966021?format=json","purl":"pkg:npm/oneuptime@4.0.40","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.40"},{"url":"http://public2.vulnerablecode.io/api/packages/966022?format=json","purl":"pkg:npm/oneuptime@4.0.41","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.41"},{"url":"http://public2.vulnerablecode.io/api/packages/966023?format=json","purl":"pkg:npm/oneuptime@4.0.42","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.42"},{"url":"http://public2.vulnerablecode.io/api/packages/966024?format=json","purl":"pkg:npm/oneuptime@4.0.43","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.43"},{"url":"http://public2.vulnerablecode.io/api/packages/966025?format=json","purl":"pkg:npm/oneuptime@4.0.44","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.44"},{"url":"http://public2.vulnerablecode.io/api/packages/966026?format=json","purl":"pkg:npm/oneuptime@4.0.45","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.45"},{"url":"http://public2.vulnerablecode.io/api/packages/966027?format=json","purl":"pkg:npm/oneuptime@4.0.46","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.46"},{"url":"http://public2.vulnerablecode.io/api/packages/966028?format=json","purl":"pkg:npm/oneuptime@4.0.47","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.47"},{"url":"http://public2.vulnerablecode.io/api/packages/966029?format=json","purl":"pkg:npm/oneuptime@4.0.48","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.48"},{"url":"http://public2.vulnerablecode.io/api/packages/966030?format=json","purl":"pkg:npm/oneuptime@4.0.49","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.49"},{"url":"http://public2.vulnerablecode.io/api/packages/966031?format=json","purl":"pkg:npm/oneuptime@4.0.50","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.50"},{"url":"http://public2.vulnerablecode.io/api/packages/966032?format=json","purl":"pkg:npm/oneuptime@4.0.51","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.51"},{"url":"http://public2.vulnerablecode.io/api/packages/966033?format=json","purl":"pkg:npm/oneuptime@4.0.52","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.52"},{"url":"http://public2.vulnerablecode.io/api/packages/966034?format=json","purl":"pkg:npm/oneuptime@4.0.53","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.53"},{"url":"http://public2.vulnerablecode.io/api/packages/966035?format=json","purl":"pkg:npm/oneuptime@4.0.54","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.54"},{"url":"http://public2.vulnerablecode.io/api/packages/966036?format=json","purl":"pkg:npm/oneuptime@4.0.55","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.55"},{"url":"http://public2.vulnerablecode.io/api/packages/966037?format=json","purl":"pkg:npm/oneuptime@4.0.56","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.56"},{"url":"http://public2.vulnerablecode.io/api/packages/966038?format=json","purl":"pkg:npm/oneuptime@4.0.57","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.57"},{"url":"http://public2.vulnerablecode.io/api/packages/966039?format=json","purl":"pkg:npm/oneuptime@4.0.58","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.58"},{"url":"http://public2.vulnerablecode.io/api/packages/966040?format=json","purl":"pkg:npm/oneuptime@4.0.59","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.59"},{"url":"http://public2.vulnerablecode.io/api/packages/966041?format=json","purl":"pkg:npm/oneuptime@4.0.60","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.60"},{"url":"http://public2.vulnerablecode.io/api/packages/966042?format=json","purl":"pkg:npm/oneuptime@4.0.61","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.61"},{"url":"http://public2.vulnerablecode.io/api/packages/966043?format=json","purl":"pkg:npm/oneuptime@4.0.62","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.62"},{"url":"http://public2.vulnerablecode.io/api/packages/966044?format=json","purl":"pkg:npm/oneuptime@4.0.63","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.63"},{"url":"http://public2.vulnerablecode.io/api/packages/966045?format=json","purl":"pkg:npm/oneuptime@4.0.64","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.64"},{"url":"http://public2.vulnerablecode.io/api/packages/966046?format=json","purl":"pkg:npm/oneuptime@4.0.65","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.65"},{"url":"http://public2.vulnerablecode.io/api/packages/966047?format=json","purl":"pkg:npm/oneuptime@4.0.66","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.66"},{"url":"http://public2.vulnerablecode.io/api/packages/966048?format=json","purl":"pkg:npm/oneuptime@4.0.67","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.67"},{"url":"http://public2.vulnerablecode.io/api/packages/966049?format=json","purl":"pkg:npm/oneuptime@4.0.68","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.68"},{"url":"http://public2.vulnerablecode.io/api/packages/966050?format=json","purl":"pkg:npm/oneuptime@4.0.69","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.69"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32306","reference_id":"","reference_type":"","scores":[{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67679","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67676","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67577","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67666","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32306"},{"reference_url":"https://github.com/OneUptime/oneuptime","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OneUptime/oneuptime"},{"reference_url":"https://github.com/OneUptime/oneuptime/releases/tag/10.0.23","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OneUptime/oneuptime/releases/tag/10.0.23"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32306","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32306"},{"reference_url":"https://github.com/advisories/GHSA-p5g2-jm85-8g35","reference_id":"GHSA-p5g2-jm85-8g35","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p5g2-jm85-8g35"},{"reference_url":"https://github.com/OneUptime/oneuptime/security/advisories/GHSA-p5g2-jm85-8g35","reference_id":"GHSA-p5g2-jm85-8g35","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-14T03:42:10Z/"}],"url":"https://github.com/OneUptime/oneuptime/security/advisories/GHSA-p5g2-jm85-8g35"}],"weaknesses":[{"cwe_id":89,"name":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","description":"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":"9.0 - 10.0","exploitability":"0.5","weighted_severity":"9.0","risk_score":4.5,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-paar-mre8-fbgz"}