| Title |
Severity |
Exploit |
Date |
Affected Version |
|
Uptime Kuma Server-side Template Injection (SSTI) in Notification Templates Allows Arbitrary File Read
|
Medium
|
|
Oct 20, 2025
|
== 2.0.0-dev.0
|
|
Uptime Kuma's Regular Expression in pushdeeer and whapi file Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
|
Medium
|
|
Mar 31, 2025
|
>= 1.15.0 <= 1.23.16
>= 2.0.0-beta.0 < 2.0.0-beta.2
|
|
CVE-2025-26042
|
Medium
|
|
Mar 31, 2025
|
>= 1.15.0 <= 1.23.16
>= 2.0.0-beta.0 < 2.0.0-beta.2
|
|
Enabling Authentication does not close all logged in socket connections immediately
|
Low
|
|
Apr 19, 2024
|
< 1.23.12
|
|
CVE-2023-49804
|
High
|
|
Dec 12, 2023
|
< 1.23.9
|
|
CVE-2023-49276
|
Medium
|
|
Dec 1, 2023
|
>= 1.20.0 < 1.23.7
|
|
Uptime Kuma Authenticated remote code execution via TailscalePing
|
Medium
|
|
Nov 27, 2023
|
>= 1.23.0 < 1.23.7
|
|
CVE-2023-44400
|
High
|
|
Oct 9, 2023
|
< 1.23.3
|
|
CVE-2023-36821
|
High
|
|
Jul 6, 2023
|
< 1.22.1
|
|
CVE-2023-36822
|
High
|
|
Jul 6, 2023
|
< 1.22.1
|
uptime-kuma