changedetection-io (pypi) security advisories

HIGH 7.5

PyPI

CVE-2026-43891

changedetection.io has an Arbitrary Local File Read via a crafted backup restore

May 5, 2026

HIGH 7.5

PyPI

CVE-2026-43891

May 12, 2026

UNKNOWN

PyPI

CVE-2023-24769

Feb 17, 2023

HIGH 7.5

PyPI

CVE-2026-41895

changedetection.io project has an XXE vulnerability

May 4, 2026

LOW 3.5

PyPI

CVE-2025-62780

changedetection.io: Stored XSS in Watch update via API

Nov 12, 2025

CRITICAL 9.8

PyPI

CVE-2026-35490

changedetection.io Vulnerable to Authentication Bypass via Decorator Ordering

Apr 6, 2026

HIGH 7.5

PyPI

CVE-2026-41895

May 12, 2026

CRITICAL 9.8

PyPI

CVE-2026-35490

Apr 7, 2026

MEDIUM 5.4

PyPI

CVE-2025-62780

Nov 10, 2025

UNKNOWN

PyPI

CVE-2026-33981

Changedetection.io Discloses Environment Variables via jq env Builtin in Include Filters

Mar 27, 2026

UNKNOWN

PyPI

CVE-2026-29039

changedetection.io vulnerable to XPath - Arbitrary File Read via unparsed-text()

Mar 4, 2026

MEDIUM 6.1

PyPI

CVE-2026-29038

changedetection.io has Reflected XSS in its RSS Tag Error Response

Mar 4, 2026

UNKNOWN

PyPI

CVE-2026-29065

changedetection.io has Zip Slip vulnerability in the backup restore functionality

Mar 4, 2026

MEDIUM 6.1

PyPI

CVE-2026-27645

changedetection.io Vulnerable to Reflected XSS in RSS Single Watch Error Response

Feb 25, 2026

HIGH 8.6

PyPI

CVE-2026-27696

changedetection.io is Vulnerable to SSRF via Watch URLs

Feb 25, 2026

CRITICAL 10.0

PyPI

CVE-2024-32651

changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution

Oct 15, 2024

UNKNOWN

PyPI

CVE-2025-52558

ChangeDetection.io XSS in watch overview

Jun 23, 2025

MEDIUM 5.4

PyPI

CVE-2023-24769

Stored cross site scripting in changedetection.io

Feb 18, 2023

HIGH 8.6

PyPI

CVE-2024-56509

changedetection.io Vulnerable to Improper Input Validation Leading to LFR/Path Traversal

Dec 27, 2024

HIGH 8.6

PyPI

CVE-2024-51998

changedetection.io path traversal using file URI scheme without supplying hostname

Nov 7, 2024

MEDIUM 6.5

PyPI

CVE-2024-51483

changedetection.io Path Traversal

Nov 1, 2024

LOW 3.7

PyPI

CVE-2024-23329

changedetection.io API endpoint is not secured with API token

Jan 23, 2024

MEDIUM 4.3

PyPI

CVE-2024-34061

changedetection.io Cross-site Scripting vulnerability

May 3, 2024

LOW 3.7

PyPI

CVE-2024-23329

Jan 19, 2024

changedetection-io

Vulnerabilities

changedetection.io has an Arbitrary Local File Read via a crafted backup restore

CVE-2026-43891

CVE-2023-24769

changedetection.io project has an XXE vulnerability

changedetection.io: Stored XSS in Watch update via API

changedetection.io Vulnerable to Authentication Bypass via Decorator Ordering

CVE-2026-41895

CVE-2026-35490

CVE-2025-62780

Changedetection.io Discloses Environment Variables via jq env Builtin in Include Filters

changedetection.io vulnerable to XPath - Arbitrary File Read via unparsed-text()

changedetection.io has Reflected XSS in its RSS Tag Error Response

changedetection.io has Zip Slip vulnerability in the backup restore functionality

changedetection.io Vulnerable to Reflected XSS in RSS Single Watch Error Response

changedetection.io is Vulnerable to SSRF via Watch URLs

changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution

ChangeDetection.io XSS in watch overview

Stored cross site scripting in changedetection.io

changedetection.io Vulnerable to Improper Input Validation Leading to LFR/Path Traversal

changedetection.io path traversal using file URI scheme without supplying hostname

changedetection.io Path Traversal

changedetection.io API endpoint is not secured with API token

changedetection.io Cross-site Scripting vulnerability

CVE-2024-23329

Start Securing