{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77931?format=json","vulnerability_id":"VCID-gwgx-g4us-j7er","summary":"OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the fix for CVE-2026-32306 (ClickHouse SQL injection via aggregate query parameters) added column name validation to the _aggregateBy method but did not apply the same validation to three other query construction paths in StatementGenerator. The toSortStatement, toSelectStatement, and toGroupByStatement methods accept user-controlled object keys from API request bodies and interpolate them as ClickHouse Identifier parameters without verifying they correspond to actual model columns. ClickHouse Identifier parameters are substituted directly into queries without escaping, so an attacker who can reach any analytics list or aggregate endpoint can inject arbitrary SQL through crafted sort, select, or groupBy keys. This issue has been patched in version 10.0.34.","aliases":[{"alias":"CVE-2026-33142"},{"alias":"GHSA-gcg3-c5p2-cqgg"}],"fixed_packages":[],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/965985?format=json","purl":"pkg:npm/oneuptime@4.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/965986?format=json","purl":"pkg:npm/oneuptime@4.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/965987?format=json","purl":"pkg:npm/oneuptime@4.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/965988?format=json","purl":"pkg:npm/oneuptime@4.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/965989?format=json","purl":"pkg:npm/oneuptime@4.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.8"},{"url":"http://public2.vulnerablecode.io/api/packages/965990?format=json","purl":"pkg:npm/oneuptime@4.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/965991?format=json","purl":"pkg:npm/oneuptime@4.0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/965992?format=json","purl":"pkg:npm/oneuptime@4.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.11"},{"url":"http://public2.vulnerablecode.io/api/packages/965993?format=json","purl":"pkg:npm/oneuptime@4.0.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/965994?format=json","purl":"pkg:npm/oneuptime@4.0.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.13"},{"url":"http://public2.vulnerablecode.io/api/packages/965995?format=json","purl":"pkg:npm/oneuptime@4.0.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/965996?format=json","purl":"pkg:npm/oneuptime@4.0.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.15"},{"url":"http://public2.vulnerablecode.io/api/packages/965997?format=json","purl":"pkg:npm/oneuptime@4.0.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.16"},{"url":"http://public2.vulnerablecode.io/api/packages/965998?format=json","purl":"pkg:npm/oneuptime@4.0.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.17"},{"url":"http://public2.vulnerablecode.io/api/packages/965999?format=json","purl":"pkg:npm/oneuptime@4.0.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.18"},{"url":"http://public2.vulnerablecode.io/api/packages/966000?format=json","purl":"pkg:npm/oneuptime@4.0.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.19"},{"url":"http://public2.vulnerablecode.io/api/packages/966001?format=json","purl":"pkg:npm/oneuptime@4.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.20"},{"url":"http://public2.vulnerablecode.io/api/packages/966002?format=json","purl":"pkg:npm/oneuptime@4.0.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.21"},{"url":"http://public2.vulnerablecode.io/api/packages/966003?format=json","purl":"pkg:npm/oneuptime@4.0.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.22"},{"url":"http://public2.vulnerablecode.io/api/packages/966004?format=json","purl":"pkg:npm/oneuptime@4.0.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.23"},{"url":"http://public2.vulnerablecode.io/api/packages/966005?format=json","purl":"pkg:npm/oneuptime@4.0.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.24"},{"url":"http://public2.vulnerablecode.io/api/packages/966006?format=json","purl":"pkg:npm/oneuptime@4.0.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.25"},{"url":"http://public2.vulnerablecode.io/api/packages/966007?format=json","purl":"pkg:npm/oneuptime@4.0.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.26"},{"url":"http://public2.vulnerablecode.io/api/packages/966008?format=json","purl":"pkg:npm/oneuptime@4.0.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.27"},{"url":"http://public2.vulnerablecode.io/api/packages/966009?format=json","purl":"pkg:npm/oneuptime@4.0.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.28"},{"url":"http://public2.vulnerablecode.io/api/packages/966010?format=json","purl":"pkg:npm/oneuptime@4.0.29","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.29"},{"url":"http://public2.vulnerablecode.io/api/packages/966011?format=json","purl":"pkg:npm/oneuptime@4.0.30","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.30"},{"url":"http://public2.vulnerablecode.io/api/packages/966012?format=json","purl":"pkg:npm/oneuptime@4.0.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.31"},{"url":"http://public2.vulnerablecode.io/api/packages/966013?format=json","purl":"pkg:npm/oneuptime@4.0.32","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.32"},{"url":"http://public2.vulnerablecode.io/api/packages/966014?format=json","purl":"pkg:npm/oneuptime@4.0.33","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.33"},{"url":"http://public2.vulnerablecode.io/api/packages/966015?format=json","purl":"pkg:npm/oneuptime@4.0.34","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.34"},{"url":"http://public2.vulnerablecode.io/api/packages/966016?format=json","purl":"pkg:npm/oneuptime@4.0.35","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.35"},{"url":"http://public2.vulnerablecode.io/api/packages/966017?format=json","purl":"pkg:npm/oneuptime@4.0.36","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.36"},{"url":"http://public2.vulnerablecode.io/api/packages/966018?format=json","purl":"pkg:npm/oneuptime@4.0.37","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.37"},{"url":"http://public2.vulnerablecode.io/api/packages/966019?format=json","purl":"pkg:npm/oneuptime@4.0.38","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.38"},{"url":"http://public2.vulnerablecode.io/api/packages/966020?format=json","purl":"pkg:npm/oneuptime@4.0.39","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.39"},{"url":"http://public2.vulnerablecode.io/api/packages/966021?format=json","purl":"pkg:npm/oneuptime@4.0.40","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.40"},{"url":"http://public2.vulnerablecode.io/api/packages/966022?format=json","purl":"pkg:npm/oneuptime@4.0.41","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.41"},{"url":"http://public2.vulnerablecode.io/api/packages/966023?format=json","purl":"pkg:npm/oneuptime@4.0.42","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.42"},{"url":"http://public2.vulnerablecode.io/api/packages/966024?format=json","purl":"pkg:npm/oneuptime@4.0.43","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.43"},{"url":"http://public2.vulnerablecode.io/api/packages/966025?format=json","purl":"pkg:npm/oneuptime@4.0.44","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.44"},{"url":"http://public2.vulnerablecode.io/api/packages/966026?format=json","purl":"pkg:npm/oneuptime@4.0.45","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.45"},{"url":"http://public2.vulnerablecode.io/api/packages/966027?format=json","purl":"pkg:npm/oneuptime@4.0.46","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.46"},{"url":"http://public2.vulnerablecode.io/api/packages/966028?format=json","purl":"pkg:npm/oneuptime@4.0.47","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.47"},{"url":"http://public2.vulnerablecode.io/api/packages/966029?format=json","purl":"pkg:npm/oneuptime@4.0.48","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.48"},{"url":"http://public2.vulnerablecode.io/api/packages/966030?format=json","purl":"pkg:npm/oneuptime@4.0.49","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.49"},{"url":"http://public2.vulnerablecode.io/api/packages/966031?format=json","purl":"pkg:npm/oneuptime@4.0.50","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.50"},{"url":"http://public2.vulnerablecode.io/api/packages/966032?format=json","purl":"pkg:npm/oneuptime@4.0.51","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.51"},{"url":"http://public2.vulnerablecode.io/api/packages/966033?format=json","purl":"pkg:npm/oneuptime@4.0.52","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.52"},{"url":"http://public2.vulnerablecode.io/api/packages/966034?format=json","purl":"pkg:npm/oneuptime@4.0.53","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.53"},{"url":"http://public2.vulnerablecode.io/api/packages/966035?format=json","purl":"pkg:npm/oneuptime@4.0.54","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.54"},{"url":"http://public2.vulnerablecode.io/api/packages/966036?format=json","purl":"pkg:npm/oneuptime@4.0.55","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.55"},{"url":"http://public2.vulnerablecode.io/api/packages/966037?format=json","purl":"pkg:npm/oneuptime@4.0.56","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.56"},{"url":"http://public2.vulnerablecode.io/api/packages/966038?format=json","purl":"pkg:npm/oneuptime@4.0.57","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.57"},{"url":"http://public2.vulnerablecode.io/api/packages/966039?format=json","purl":"pkg:npm/oneuptime@4.0.58","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.58"},{"url":"http://public2.vulnerablecode.io/api/packages/966040?format=json","purl":"pkg:npm/oneuptime@4.0.59","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.59"},{"url":"http://public2.vulnerablecode.io/api/packages/966041?format=json","purl":"pkg:npm/oneuptime@4.0.60","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.60"},{"url":"http://public2.vulnerablecode.io/api/packages/966042?format=json","purl":"pkg:npm/oneuptime@4.0.61","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.61"},{"url":"http://public2.vulnerablecode.io/api/packages/966043?format=json","purl":"pkg:npm/oneuptime@4.0.62","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.62"},{"url":"http://public2.vulnerablecode.io/api/packages/966044?format=json","purl":"pkg:npm/oneuptime@4.0.63","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.63"},{"url":"http://public2.vulnerablecode.io/api/packages/966045?format=json","purl":"pkg:npm/oneuptime@4.0.64","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.64"},{"url":"http://public2.vulnerablecode.io/api/packages/966046?format=json","purl":"pkg:npm/oneuptime@4.0.65","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.65"},{"url":"http://public2.vulnerablecode.io/api/packages/966047?format=json","purl":"pkg:npm/oneuptime@4.0.66","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.66"},{"url":"http://public2.vulnerablecode.io/api/packages/966048?format=json","purl":"pkg:npm/oneuptime@4.0.67","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.67"},{"url":"http://public2.vulnerablecode.io/api/packages/966049?format=json","purl":"pkg:npm/oneuptime@4.0.68","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.68"},{"url":"http://public2.vulnerablecode.io/api/packages/966050?format=json","purl":"pkg:npm/oneuptime@4.0.69","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d1k-7634-k3gc"},{"vulnerability":"VCID-gwgx-g4us-j7er"},{"vulnerability":"VCID-paar-mre8-fbgz"},{"vulnerability":"VCID-ugpa-g28u-byce"},{"vulnerability":"VCID-vzkv-wwxq-jqfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/oneuptime@4.0.69"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33142","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02914","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02907","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02903","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02917","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33142"},{"reference_url":"https://github.com/OneUptime/oneuptime","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OneUptime/oneuptime"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33142","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33142"},{"reference_url":"https://github.com/advisories/GHSA-gcg3-c5p2-cqgg","reference_id":"GHSA-gcg3-c5p2-cqgg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gcg3-c5p2-cqgg"},{"reference_url":"https://github.com/OneUptime/oneuptime/security/advisories/GHSA-gcg3-c5p2-cqgg","reference_id":"GHSA-gcg3-c5p2-cqgg","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:41:51Z/"}],"url":"https://github.com/OneUptime/oneuptime/security/advisories/GHSA-gcg3-c5p2-cqgg"}],"weaknesses":[{"cwe_id":89,"name":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","description":"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":"0.5","weighted_severity":"8.0","risk_score":4.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gwgx-g4us-j7er"}