Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS0zcnc4LTR4cnEtM2Y3cM4ABFkJ

Moderate CVSS: 6.9 EPSS: 0.00017% (0.02633 Percentile) EPSS:
Permalink JSON

Uptime Kuma ReDoS vulnerability

Affected Packages Affected Versions Fixed Versions
npm:uptime-kuma >= 1.23.0, <= 2.0.0-dev.0 No known fixed version
0 Dependent packages
0 Dependent repositories
47 Downloads last month

Affected Version Ranges

All affected versions

2.0.0-dev.0

Uptime Kuma >== 1.23.0 has a ReDoS vulnerability, specifically when an administrator creates a notification through the web service. If a string is provided it triggers catastrophic backtracking in the regular expression, leading to a ReDoS attack.

References:

Identifiers

GHSA-3rw8-4xrq-3f7p

CVE-2025-26042

Risk

Severity

Moderate

CVSS

CVSS Score: 6.9

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

EPSS

EPSS Percentage: 0.00017

EPSS Percentile: 0.02633

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/louislam/uptime-kuma

Date and time

Published

4 months ago

Updated

4 months ago

API

JSON