Louislam Uptime-kuma
11 CVEs affecting Louislam Uptime-kuma. Latest disclosed: 2026-03-20. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-36821 | High | 8.8 | 2023-07-05 | Uptime Kuma, a self-hosted monitoring tool, allows an authenticated attacker to install a maliciously crafted plugin in versions prior to 1.22.1, which may lea… |
| CVE-2024-56331 | Medium | 6.8 | 2024-12-20 | Uptime Kuma is an open source, self-hosted monitoring tool. An **Improper URL Handling Vulnerability** allows an attacker to access sensitive local files on th… |
| CVE-2023-49804 | Medium | 6.7 | 2023-12-11 | Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, when a user changes their login password in Uptime Kuma, a previously logge… |
| CVE-2023-44400 | Medium | 6.7 | 2023-10-09 | Uptime Kuma is a self-hosted monitoring tool. Prior to version 1.23.3, attackers with access to a user's device can gain persistent account access. This is cau… |
| CVE-2026-33130 | Medium | 6.5 | 2026-03-20 | Uptime Kuma is an open source, self-hosted monitoring tool. In versions 1.23.0 through 2.2.0, the fix from GHSA-vffh-c9pq-4crh doesn't fully work to prevent Ser… |
| CVE-2023-36822 | Medium | 6.5 | 2023-07-05 | Uptime Kuma, a self-hosted monitoring tool, has a path traversal vulnerability in versions prior to 1.22.1. Uptime Kuma allows authenticated users to install p… |
| CVE-2023-49276 | Medium | 6.3 | 2023-12-01 | Uptime Kuma is an open source self-hosted monitoring tool. In affected versions the Google Analytics element is vulnerable to Attribute Injection leading to Cr… |
| CVE-2023-25811 | Medium | 6.3 | 2023-02-21 | Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma `name` parameter allows a persistent XSS attack. Users are advised to… |
| CVE-2023-25810 | Medium | 6.3 | 2023-02-21 | Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma status page allows a persistent XSS attack. Users are advised to upgr… |
| CVE-2023-49805 | Medium | 6.0 | 2023-12-11 | Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, the application uses WebSocket (with Socket.io), but it does not verify tha… |
| CVE-2026-32230 | Medium | 5.3 | 2026-03-12 | Uptime Kuma is an open source, self-hosted monitoring tool. From 2.0.0 to 2.1.3, the GET /api/badge/:id/ping/:duration? endpoint in server/routers/api-router… |