Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/30532?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/30532?format=api", "purl": "pkg:pypi/changedetection-io@0.39.1", "type": "pypi", "namespace": "", "name": "changedetection-io", "version": "0.39.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "0.55.1", "latest_non_vulnerable_version": "0.55.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9666?format=api", "vulnerability_id": "VCID-6aa7-urwd-tqgw", "summary": "changedetection.io is a free open source web page change detection tool. In 0.54.9 and earlier, xpath_filter() switches to XML mode for XML/RSS content and creates etree.XMLParser(strip_cdata=False) without explicitly disabling external entity resolution, external DTD loading, or network-backed entity lookup. The helper then parses untrusted XML bytes directly with etree.fromstring(...).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41895", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14682", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41895" }, { "reference_url": "https://github.com/dgtlmoon/changedetection.io", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dgtlmoon/changedetection.io" }, { "reference_url": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-v7cp-2cx9-x793", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T15:09:28Z/" } ], "url": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-v7cp-2cx9-x793" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41895", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41895" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/49205?format=api", "purl": "pkg:pypi/changedetection-io@0.54.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f4ss-7wu5-wqde" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/changedetection-io@0.54.10" } ], "aliases": [ "CVE-2026-41895", "GHSA-v7cp-2cx9-x793", "PYSEC-2026-29" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6aa7-urwd-tqgw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9479?format=api", "vulnerability_id": "VCID-a156-qupb-eqcv", "summary": "changedetection.io is a free open source web page change detection tool. A Stored Cross Site Scripting is present in changedetection.io Watch update API in versions prior to 0.50.34 due to insufficient security checks. Two scenarios are possible. In the first, an attacker can insert a new watch with an arbitrary URL which really points to a web page. Once the HTML content is retrieved, the attacker updates the URL with a JavaScript payload. In the second, an attacker substitutes the URL in an existing watch with a new URL that is in reality a JavaScript payload. When the user clicks on *Preview* and then on the malicious link, the JavaScript malicious code is executed. Version 0.50.34 fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62780", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24222", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62780" }, { "reference_url": "https://github.com/dgtlmoon/changedetection.io", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dgtlmoon/changedetection.io" }, { "reference_url": "https://github.com/dgtlmoon/changedetection.io/issues/3562", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dgtlmoon/changedetection.io/issues/3562" }, { "reference_url": "https://github.com/dgtlmoon/changedetection.io/pull/3564", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dgtlmoon/changedetection.io/pull/3564" }, { "reference_url": "https://github.com/dgtlmoon/changedetection.io/releases/tag/0.50.34", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dgtlmoon/changedetection.io/releases/tag/0.50.34" }, { "reference_url": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-4c3j-3h7v-22q9", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-10T21:43:49Z/" } ], "url": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-4c3j-3h7v-22q9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62780", "reference_id": "CVE-2025-62780", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62780" }, { "reference_url": "https://github.com/advisories/GHSA-4c3j-3h7v-22q9", "reference_id": "GHSA-4c3j-3h7v-22q9", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4c3j-3h7v-22q9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/45431?format=api", "purl": "pkg:pypi/changedetection-io@0.50.34", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6aa7-urwd-tqgw" }, { "vulnerability": "VCID-ek84-hjsn-yya7" }, { "vulnerability": "VCID-f4ss-7wu5-wqde" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/changedetection-io@0.50.34" } ], "aliases": [ "CVE-2025-62780", "GHSA-4c3j-3h7v-22q9", "PYSEC-2025-91" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a156-qupb-eqcv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9607?format=api", "vulnerability_id": "VCID-ek84-hjsn-yya7", "summary": "changedetection.io is a free open source web page change detection tool. Prior to 0.54.8, the @login_optionally_required decorator is placed before (outer to) @blueprint.route() instead of after it. In Flask, @route() must be the outermost decorator because it registers the function it receives. When the order is reversed, @route() registers the original undecorated function, and the auth wrapper is never in the call chain. This silently disables authentication on these routes. This vulnerability is fixed in 0.54.8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35490", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.09274", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35490" }, { "reference_url": "https://github.com/dgtlmoon/changedetection.io", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dgtlmoon/changedetection.io" }, { "reference_url": "https://github.com/dgtlmoon/changedetection.io/commit/31a760c2147e3e73a403baf6d7de34dc50429c85", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dgtlmoon/changedetection.io/commit/31a760c2147e3e73a403baf6d7de34dc50429c85" }, { "reference_url": "https://github.com/dgtlmoon/changedetection.io/releases/tag/0.54.8", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dgtlmoon/changedetection.io/releases/tag/0.54.8" }, { "reference_url": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-jmrh-xmgh-x9j4", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-04-09T14:36:58Z/" } ], "url": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-jmrh-xmgh-x9j4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35490", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35490" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/48153?format=api", "purl": "pkg:pypi/changedetection-io@0.54.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6aa7-urwd-tqgw" }, { "vulnerability": "VCID-f4ss-7wu5-wqde" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/changedetection-io@0.54.8" } ], "aliases": [ "CVE-2026-35490", "GHSA-jmrh-xmgh-x9j4", "PYSEC-2026-28" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ek84-hjsn-yya7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9667?format=api", "vulnerability_id": "VCID-f4ss-7wu5-wqde", "summary": "changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application extracts the archive and copies each restored watch UUID directory directly into the live datastore using shutil.copytree(entry.path, dst_dir). This preserves attacker-controlled files inside the restored watch directory, including history.txt. After restore, the application parses history.txt in the watch history property and returns the contents of the targeted local file. This vulnerability is fixed in 0.55.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43891", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11462", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43891" }, { "reference_url": "https://github.com/dgtlmoon/changedetection.io", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dgtlmoon/changedetection.io" }, { "reference_url": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-8757-69j2-hx56", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T14:36:12Z/" } ], "url": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-8757-69j2-hx56" }, { "reference_url": "https://github.com/pocket-id/pocket-id/security/advisories/GHSA-w6p7-2fxx-4f44", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pocket-id/pocket-id/security/advisories/GHSA-w6p7-2fxx-4f44" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43891", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43891" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/49206?format=api", "purl": "pkg:pypi/changedetection-io@0.55.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/changedetection-io@0.55.1" } ], "aliases": [ "CVE-2026-43891", "GHSA-8757-69j2-hx56", "PYSEC-2026-30" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f4ss-7wu5-wqde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8719?format=api", "vulnerability_id": "VCID-f8c5-jdxv-x7a7", "summary": "Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter under the \"Add a new change detection watch\" function.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24769", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00751", "scoring_system": "epss", "scoring_elements": "0.73477", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24769" }, { "reference_url": "https://github.com/dgtlmoon/changedetection.io", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dgtlmoon/changedetection.io" }, { "reference_url": "https://github.com/dgtlmoon/changedetection.io/issues/1358", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-18T15:52:55Z/" } ], "url": "https://github.com/dgtlmoon/changedetection.io/issues/1358" }, { "reference_url": "https://github.com/dgtlmoon/changedetection.io/pull/1359", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dgtlmoon/changedetection.io/pull/1359" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/changedetection-io/PYSEC-2023-10.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/changedetection-io/PYSEC-2023-10.yaml" }, { "reference_url": "https://www.youtube.com/watch?v=TRTpRlkU3Hc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-18T15:52:55Z/" } ], "url": "https://www.youtube.com/watch?v=TRTpRlkU3Hc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24769", "reference_id": "CVE-2023-24769", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24769" }, { "reference_url": "https://www.edoardoottavianelli.it/CVE-2023-24769", "reference_id": "CVE-2023-24769", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-18T15:52:55Z/" } ], "url": "https://www.edoardoottavianelli.it/CVE-2023-24769" }, { "reference_url": "https://github.com/advisories/GHSA-68wj-c2jw-5pp9", "reference_id": "GHSA-68wj-c2jw-5pp9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-68wj-c2jw-5pp9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30573?format=api", "purl": "pkg:pypi/changedetection-io@0.40.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6aa7-urwd-tqgw" }, { "vulnerability": "VCID-a156-qupb-eqcv" }, { "vulnerability": "VCID-ek84-hjsn-yya7" }, { "vulnerability": "VCID-esz6-geex-bucb" }, { "vulnerability": "VCID-f4ss-7wu5-wqde" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/changedetection-io@0.40.1.1" } ], "aliases": [ "CVE-2023-24769", "GHSA-68wj-c2jw-5pp9", "PYSEC-2023-10" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f8c5-jdxv-x7a7" } ], "fixing_vulnerabilities": [], "risk_score": "4.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/changedetection-io@0.39.1" }