pkg:PyPI/changedetection-io

24 total CVEsCRITICAL3HIGH7MEDIUM6LOW4

✅ Check your installed version

All known vulnerabilities

  • CRITICAL10.0CVE-2024-32651changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution
    from 0, < 0.45.21
  • CRITICAL9.8CVE-2026-35490changedetection.io Vulnerable to Authentication Bypass via Decorator Ordering
    from 0, < 0.54.8
  • CRITICAL9.8CVE-2026-35490changedetection.io Vulnerable to Authentication Bypass via Decorator Ordering
    from 0, < 0.54.8
  • HIGH8.6CVE-2026-27696changedetection.io is Vulnerable to SSRF via Watch URLs
    from 0, < 0.54.1
  • HIGH8.6CVE-2024-56509changedetection.io Vulnerable to Improper Input Validation Leading to LFR/Path Traversal
    from 0, < 0.48.05
  • HIGH8.6CVE-2024-51998changedetection.io path traversal using file URI scheme without supplying hostname
    from 0, < 0.47.6
  • HIGH7.5CVE-2026-43891changedetection.io has an Arbitrary Local File Read via a crafted backup restore
    from 0, < 0.55.1
  • HIGH7.5CVE-2026-43891changedetection.io has an Arbitrary Local File Read via a crafted backup restore
    from 0, < 0.55.1
  • HIGH7.5CVE-2026-41895changedetection.io project has an XXE vulnerability
    from 0, <= 0.54.9
  • HIGH7.5CVE-2026-41895changedetection.io project has an XXE vulnerability
    from 0, < 0.54.10
  • MEDIUM6.5CVE-2024-51483changedetection.io Path Traversal
    from 0, < 0.47.5
  • MEDIUM6.1CVE-2026-29038changedetection.io has Reflected XSS in its RSS Tag Error Response
    from 0, < 0.54.4
  • MEDIUM6.1CVE-2026-27645changedetection.io Vulnerable to Reflected XSS in RSS Single Watch Error Response
    from 0, < 0.53.7
  • MEDIUM5.4CVE-2023-24769Stored cross site scripting in changedetection.io
    from 0, < 0.40.2
  • MEDIUM5.4CVE-2023-24769Stored cross site scripting in changedetection.io
    from 0, < 0.40.1.1
  • MEDIUM4.3CVE-2024-34061changedetection.io Cross-site Scripting vulnerability
    from 0, < 0.45.22
  • LOW3.7CVE-2024-23329changedetection.io API endpoint is not secured with API token
    >= 0.39.14, < 0.45.13
  • LOW3.7CVE-2024-23329changedetection.io API endpoint is not secured with API token
    from 0, < 402f1e47e78ecd155b1e90f30cce424ff7763e0f | >= 0.39.14, < 0.45.13
  • LOW3.5CVE-2025-62780changedetection.io: Stored XSS in Watch update via API
    from 0, < 0.50.34
  • LOW3.5CVE-2025-62780changedetection.io: Stored XSS in Watch update via API
    from 0, < 0.50.34
  • CVE-2026-33981Changedetection.io Discloses Environment Variables via jq env Builtin in Include Filters
    from 0, < 0.54.7
  • CVE-2026-29065changedetection.io has Zip Slip vulnerability in the backup restore functionality
    from 0, < 0.54.4
  • CVE-2026-29039changedetection.io vulnerable to XPath - Arbitrary File Read via unparsed-text()
    from 0, < 0.54.4
  • CVE-2025-52558ChangeDetection.io XSS in watch overview
    from 0, < 0.50.4