pkg:PyPI/changedetection-io

All known vulnerabilities

• CRITICAL10.0CVE-2024-32651changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution
  from 0, < 0.45.21
• CRITICAL9.8CVE-2026-35490changedetection.io Vulnerable to Authentication Bypass via Decorator Ordering
  from 0, < 0.54.8
• CRITICAL9.8changedetection.io Vulnerable to Authentication Bypass via Decorator Ordering
  from 0, < 0.54.8
• HIGH8.6changedetection.io is Vulnerable to SSRF via Watch URLs
  from 0, < 0.54.1
• HIGH8.6changedetection.io Vulnerable to Improper Input Validation Leading to LFR/Path Traversal
  from 0, < 0.48.05
• HIGH8.6changedetection.io path traversal using file URI scheme without supplying hostname
  from 0, < 0.47.6
• HIGH7.5changedetection.io has an Arbitrary Local File Read via a crafted backup restore
  from 0, < 0.55.1
• HIGH7.5changedetection.io has an Arbitrary Local File Read via a crafted backup restore
  from 0, < 0.55.1
• HIGH7.5changedetection.io project has an XXE vulnerability
  from 0, <= 0.54.9
• HIGH7.5changedetection.io project has an XXE vulnerability
  from 0, < 0.54.10
• MEDIUM6.5changedetection.io Path Traversal
  from 0, < 0.47.5
• MEDIUM6.1changedetection.io has Reflected XSS in its RSS Tag Error Response
  from 0, < 0.54.4
• MEDIUM6.1changedetection.io Vulnerable to Reflected XSS in RSS Single Watch Error Response
  from 0, < 0.53.7
• MEDIUM5.4Stored cross site scripting in changedetection.io
  from 0, < 0.40.2
• MEDIUM5.4Stored cross site scripting in changedetection.io
  from 0, < 0.40.1.1
• MEDIUM4.3changedetection.io Cross-site Scripting vulnerability
  from 0, < 0.45.22
• LOW3.7changedetection.io API endpoint is not secured with API token
  >= 0.39.14, < 0.45.13
• LOW3.7changedetection.io API endpoint is not secured with API token
  from 0, < 402f1e47e78ecd155b1e90f30cce424ff7763e0f | >= 0.39.14, < 0.45.13
• LOW3.5changedetection.io: Stored XSS in Watch update via API
  from 0, < 0.50.34
• LOW3.5changedetection.io: Stored XSS in Watch update via API
  from 0, < 0.50.34
• —Changedetection.io Discloses Environment Variables via jq env Builtin in Include Filters
  from 0, < 0.54.7
• —changedetection.io has Zip Slip vulnerability in the backup restore functionality
  from 0, < 0.54.4
• —changedetection.io vulnerable to XPath - Arbitrary File Read via unparsed-text()
  from 0, < 0.54.4
• —ChangeDetection.io XSS in watch overview
  from 0, < 0.50.4