Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/30550?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/30550?format=api", "purl": "pkg:pypi/changedetection-io@0.39.15", "type": "pypi", "namespace": "", "name": "changedetection-io", "version": "0.39.15", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "0.55.1", "latest_non_vulnerable_version": "0.55.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9666?format=api", "vulnerability_id": "VCID-6aa7-urwd-tqgw", "summary": "changedetection.io is a free open source web page change detection tool. In 0.54.9 and earlier, xpath_filter() switches to XML mode for XML/RSS content and creates etree.XMLParser(strip_cdata=False) without explicitly disabling external entity resolution, external DTD loading, or network-backed entity lookup. The helper then parses untrusted XML bytes directly with etree.fromstring(...).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41895", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14682", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41895" }, { "reference_url": "https://github.com/dgtlmoon/changedetection.io", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dgtlmoon/changedetection.io" }, { "reference_url": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-v7cp-2cx9-x793", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T15:09:28Z/" } ], "url": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-v7cp-2cx9-x793" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41895", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41895" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/49205?format=api", "purl": "pkg:pypi/changedetection-io@0.54.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f4ss-7wu5-wqde" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/changedetection-io@0.54.10" } ], "aliases": [ "CVE-2026-41895", "GHSA-v7cp-2cx9-x793", "PYSEC-2026-29" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6aa7-urwd-tqgw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9479?format=api", "vulnerability_id": "VCID-a156-qupb-eqcv", "summary": "changedetection.io is a free open source web page change detection tool. A Stored Cross Site Scripting is present in changedetection.io Watch update API in versions prior to 0.50.34 due to insufficient security checks. Two scenarios are possible. In the first, an attacker can insert a new watch with an arbitrary URL which really points to a web page. Once the HTML content is retrieved, the attacker updates the URL with a JavaScript payload. In the second, an attacker substitutes the URL in an existing watch with a new URL that is in reality a JavaScript payload. When the user clicks on *Preview* and then on the malicious link, the JavaScript malicious code is executed. Version 0.50.34 fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62780", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24222", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62780" }, { "reference_url": "https://github.com/dgtlmoon/changedetection.io", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dgtlmoon/changedetection.io" }, { "reference_url": "https://github.com/dgtlmoon/changedetection.io/issues/3562", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dgtlmoon/changedetection.io/issues/3562" }, { "reference_url": "https://github.com/dgtlmoon/changedetection.io/pull/3564", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dgtlmoon/changedetection.io/pull/3564" }, { "reference_url": "https://github.com/dgtlmoon/changedetection.io/releases/tag/0.50.34", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dgtlmoon/changedetection.io/releases/tag/0.50.34" }, { "reference_url": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-4c3j-3h7v-22q9", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-10T21:43:49Z/" } ], "url": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-4c3j-3h7v-22q9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62780", "reference_id": "CVE-2025-62780", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62780" }, { "reference_url": "https://github.com/advisories/GHSA-4c3j-3h7v-22q9", "reference_id": "GHSA-4c3j-3h7v-22q9", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4c3j-3h7v-22q9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/45431?format=api", "purl": "pkg:pypi/changedetection-io@0.50.34", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6aa7-urwd-tqgw" }, { "vulnerability": "VCID-ek84-hjsn-yya7" }, { "vulnerability": "VCID-f4ss-7wu5-wqde" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/changedetection-io@0.50.34" } ], "aliases": [ "CVE-2025-62780", "GHSA-4c3j-3h7v-22q9", "PYSEC-2025-91" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a156-qupb-eqcv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9607?format=api", "vulnerability_id": "VCID-ek84-hjsn-yya7", "summary": "changedetection.io is a free open source web page change detection tool. Prior to 0.54.8, the @login_optionally_required decorator is placed before (outer to) @blueprint.route() instead of after it. In Flask, @route() must be the outermost decorator because it registers the function it receives. When the order is reversed, @route() registers the original undecorated function, and the auth wrapper is never in the call chain. This silently disables authentication on these routes. This vulnerability is fixed in 0.54.8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35490", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.09274", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35490" }, { "reference_url": "https://github.com/dgtlmoon/changedetection.io", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dgtlmoon/changedetection.io" }, { "reference_url": "https://github.com/dgtlmoon/changedetection.io/commit/31a760c2147e3e73a403baf6d7de34dc50429c85", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dgtlmoon/changedetection.io/commit/31a760c2147e3e73a403baf6d7de34dc50429c85" }, { "reference_url": "https://github.com/dgtlmoon/changedetection.io/releases/tag/0.54.8", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dgtlmoon/changedetection.io/releases/tag/0.54.8" }, { "reference_url": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-jmrh-xmgh-x9j4", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-04-09T14:36:58Z/" } ], "url": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-jmrh-xmgh-x9j4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35490", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35490" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/48153?format=api", "purl": "pkg:pypi/changedetection-io@0.54.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6aa7-urwd-tqgw" }, { "vulnerability": "VCID-f4ss-7wu5-wqde" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/changedetection-io@0.54.8" } ], "aliases": [ "CVE-2026-35490", "GHSA-jmrh-xmgh-x9j4", "PYSEC-2026-28" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ek84-hjsn-yya7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9022?format=api", "vulnerability_id": "VCID-esz6-geex-bucb", "summary": "changedetection.io is an open source tool designed to monitor websites for content changes. In affected versions the API endpoint `/api/v1/watch/<uuid>/history` can be accessed by any unauthorized user. As a result any unauthorized user can check one's watch history. However, because unauthorized party first needs to know a watch UUID, and the watch history endpoint itself returns only paths to the snapshot on the server, an impact on users' data privacy is minimal. This issue has been addressed in version 0.45.13. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-23329", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63995", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-23329" }, { "reference_url": "https://github.com/dgtlmoon/changedetection.io", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dgtlmoon/changedetection.io" }, { "reference_url": "https://github.com/dgtlmoon/changedetection.io/blob/9510345e01ea8e308c339163d8e8b030ce5ac7f1/changedetectionio/api/api_v1.py#L129-L156", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dgtlmoon/changedetection.io/blob/9510345e01ea8e308c339163d8e8b030ce5ac7f1/changedetectionio/api/api_v1.py#L129-L156" }, { "reference_url": "https://github.com/dgtlmoon/changedetection.io/commit/402f1e47e78ecd155b1e90f30cce424ff7763e0f", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T17:15:02Z/" } ], "url": "https://github.com/dgtlmoon/changedetection.io/commit/402f1e47e78ecd155b1e90f30cce424ff7763e0f" }, { "reference_url": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-hcvp-2cc7-jrwr", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T17:15:02Z/" } ], "url": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-hcvp-2cc7-jrwr" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/changedetection-io/PYSEC-2024-15.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/changedetection-io/PYSEC-2024-15.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23329", "reference_id": "CVE-2024-23329", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23329" }, { "reference_url": "https://github.com/advisories/GHSA-hcvp-2cc7-jrwr", "reference_id": "GHSA-hcvp-2cc7-jrwr", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hcvp-2cc7-jrwr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/37674?format=api", "purl": "pkg:pypi/changedetection-io@0.45.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6aa7-urwd-tqgw" }, { "vulnerability": "VCID-a156-qupb-eqcv" }, { "vulnerability": "VCID-ek84-hjsn-yya7" }, { "vulnerability": "VCID-f4ss-7wu5-wqde" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/changedetection-io@0.45.13" } ], "aliases": [ "CVE-2024-23329", "GHSA-hcvp-2cc7-jrwr", "PYSEC-2024-15" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-esz6-geex-bucb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9667?format=api", "vulnerability_id": "VCID-f4ss-7wu5-wqde", "summary": "changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application extracts the archive and copies each restored watch UUID directory directly into the live datastore using shutil.copytree(entry.path, dst_dir). This preserves attacker-controlled files inside the restored watch directory, including history.txt. After restore, the application parses history.txt in the watch history property and returns the contents of the targeted local file. This vulnerability is fixed in 0.55.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43891", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11462", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43891" }, { "reference_url": "https://github.com/dgtlmoon/changedetection.io", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dgtlmoon/changedetection.io" }, { "reference_url": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-8757-69j2-hx56", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T14:36:12Z/" } ], "url": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-8757-69j2-hx56" }, { "reference_url": "https://github.com/pocket-id/pocket-id/security/advisories/GHSA-w6p7-2fxx-4f44", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pocket-id/pocket-id/security/advisories/GHSA-w6p7-2fxx-4f44" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43891", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43891" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/49206?format=api", "purl": "pkg:pypi/changedetection-io@0.55.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/changedetection-io@0.55.1" } ], "aliases": [ "CVE-2026-43891", "GHSA-8757-69j2-hx56", "PYSEC-2026-30" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f4ss-7wu5-wqde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8719?format=api", "vulnerability_id": "VCID-f8c5-jdxv-x7a7", "summary": "Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter under the \"Add a new change detection watch\" function.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24769", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00751", "scoring_system": "epss", "scoring_elements": "0.73477", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24769" }, { "reference_url": "https://github.com/dgtlmoon/changedetection.io", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dgtlmoon/changedetection.io" }, { "reference_url": "https://github.com/dgtlmoon/changedetection.io/issues/1358", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-18T15:52:55Z/" } ], "url": "https://github.com/dgtlmoon/changedetection.io/issues/1358" }, { "reference_url": "https://github.com/dgtlmoon/changedetection.io/pull/1359", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dgtlmoon/changedetection.io/pull/1359" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/changedetection-io/PYSEC-2023-10.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/changedetection-io/PYSEC-2023-10.yaml" }, { "reference_url": "https://www.youtube.com/watch?v=TRTpRlkU3Hc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-18T15:52:55Z/" } ], "url": "https://www.youtube.com/watch?v=TRTpRlkU3Hc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24769", "reference_id": "CVE-2023-24769", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24769" }, { "reference_url": "https://www.edoardoottavianelli.it/CVE-2023-24769", "reference_id": "CVE-2023-24769", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-18T15:52:55Z/" } ], "url": "https://www.edoardoottavianelli.it/CVE-2023-24769" }, { "reference_url": "https://github.com/advisories/GHSA-68wj-c2jw-5pp9", "reference_id": "GHSA-68wj-c2jw-5pp9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-68wj-c2jw-5pp9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30573?format=api", "purl": "pkg:pypi/changedetection-io@0.40.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6aa7-urwd-tqgw" }, { "vulnerability": "VCID-a156-qupb-eqcv" }, { "vulnerability": "VCID-ek84-hjsn-yya7" }, { "vulnerability": "VCID-esz6-geex-bucb" }, { "vulnerability": "VCID-f4ss-7wu5-wqde" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/changedetection-io@0.40.1.1" } ], "aliases": [ "CVE-2023-24769", "GHSA-68wj-c2jw-5pp9", "PYSEC-2023-10" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f8c5-jdxv-x7a7" } ], "fixing_vulnerabilities": [], "risk_score": "4.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/changedetection-io@0.39.15" }