OneUptime 安全漏洞

OneUptime is a comprehensive open-source solution developed by OneUptime. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.19 contain security vulnerabilities. These vulnerabilities stem from GitHub App callbacks that allow attackers to control parameters...

CVE-2026-30920 OneUptime has broken access control in GitHub App installation flow that allows unauthorized project binding

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.19, OneUptime's GitHub App callback trusts attacker-controlled state and installationid values and updates Project.gitHubAppInstallationId with isRoot: true without validating that the caller is authorized for the...

CVE-2026-30920 OneUptime has broken access control in GitHub App installation flow that allows unauthorized project binding

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.19, OneUptime's GitHub App callback trusts attacker-controlled state and installationid values and updates Project.gitHubAppInstallationId with isRoot: true without validating that the caller is authorized for the...

GHSA-656W-6F6C-M9R6 OneUptime has broken access control in GitHub App installation flow that allows unauthorized project binding

Summary OneUptime's GitHub App callback trusts attacker-controlled state and installationid values and updates Project.gitHubAppInstallationId with isRoot: true without validating that the caller is authorized for the target project. This allows an attacker to overwrite another project's GitHub A...

CVE-2025-67492

CVE-2025-67492 affects Weblate prior to version 5.15, where a crafted webhook payload could trigger mass repository updates and component enumeration through an overly permissive webhook endpoint. The root cause is the webhook handling allowing unauthorized triggering across multiple repositories...