Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/changedetection-io@0.50.42
Typepypi
Namespace
Namechangedetection-io
Version0.50.42
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version0.55.1
Latest_non_vulnerable_version0.55.1
Affected_by_vulnerabilities
0
url VCID-6154-3xru-6bdz
vulnerability_id VCID-6154-3xru-6bdz
summary changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application extracts the archive and copies each restored watch UUID directory directly into the live datastore using shutil.copytree(entry.path, dst_dir). This preserves attacker-controlled files inside the restored watch directory, including history.txt. After restore, the application parses history.txt in the watch history property and returns the contents of the targeted local file. This vulnerability is fixed in 0.55.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-43891
reference_id
reference_type
scores
0
value 0.00037
scoring_system epss
scoring_elements 0.11485
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-43891
1
reference_url https://github.com/dgtlmoon/changedetection.io
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dgtlmoon/changedetection.io
2
reference_url https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-8757-69j2-hx56
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T14:36:12Z/
url https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-8757-69j2-hx56
3
reference_url https://github.com/pocket-id/pocket-id/security/advisories/GHSA-w6p7-2fxx-4f44
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pocket-id/pocket-id/security/advisories/GHSA-w6p7-2fxx-4f44
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/changedetection-io/PYSEC-2026-30.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/changedetection-io/PYSEC-2026-30.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-43891
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-43891
6
reference_url https://github.com/advisories/GHSA-8757-69j2-hx56
reference_id GHSA-8757-69j2-hx56
reference_type
scores
url https://github.com/advisories/GHSA-8757-69j2-hx56
fixed_packages
0
url pkg:pypi/changedetection-io@0.55.1
purl pkg:pypi/changedetection-io@0.55.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/changedetection-io@0.55.1
aliases CVE-2026-43891, GHSA-8757-69j2-hx56, PYSEC-2026-30
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6154-3xru-6bdz
1
url VCID-a7m7-dqk3-muf7
vulnerability_id VCID-a7m7-dqk3-muf7
summary changedetection.io is a free open source web page change detection tool. In 0.54.9 and earlier, xpath_filter() switches to XML mode for XML/RSS content and creates etree.XMLParser(strip_cdata=False) without explicitly disabling external entity resolution, external DTD loading, or network-backed entity lookup. The helper then parses untrusted XML bytes directly with etree.fromstring(...).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-41895
reference_id
reference_type
scores
0
value 0.00046
scoring_system epss
scoring_elements 0.1472
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-41895
1
reference_url https://github.com/dgtlmoon/changedetection.io
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dgtlmoon/changedetection.io
2
reference_url https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-v7cp-2cx9-x793
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T15:09:28Z/
url https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-v7cp-2cx9-x793
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/changedetection-io/PYSEC-2026-29.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/changedetection-io/PYSEC-2026-29.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-41895
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-41895
5
reference_url https://github.com/advisories/GHSA-v7cp-2cx9-x793
reference_id GHSA-v7cp-2cx9-x793
reference_type
scores
url https://github.com/advisories/GHSA-v7cp-2cx9-x793
fixed_packages
0
url pkg:pypi/changedetection-io@0.54.10
purl pkg:pypi/changedetection-io@0.54.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6154-3xru-6bdz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/changedetection-io@0.54.10
aliases CVE-2026-41895, GHSA-v7cp-2cx9-x793, PYSEC-2026-29
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a7m7-dqk3-muf7
2
url VCID-pnn6-ap8j-6qhv
vulnerability_id VCID-pnn6-ap8j-6qhv
summary changedetection.io is a free open source web page change detection tool. Prior to 0.54.8, the @login_optionally_required decorator is placed before (outer to) @blueprint.route() instead of after it. In Flask, @route() must be the outermost decorator because it registers the function it receives. When the order is reversed, @route() registers the original undecorated function, and the auth wrapper is never in the call chain. This silently disables authentication on these routes. This vulnerability is fixed in 0.54.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-35490
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.09192
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-35490
1
reference_url https://github.com/dgtlmoon/changedetection.io
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/dgtlmoon/changedetection.io
2
reference_url https://github.com/dgtlmoon/changedetection.io/commit/31a760c2147e3e73a403baf6d7de34dc50429c85
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/dgtlmoon/changedetection.io/commit/31a760c2147e3e73a403baf6d7de34dc50429c85
3
reference_url https://github.com/dgtlmoon/changedetection.io/releases/tag/0.54.8
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/dgtlmoon/changedetection.io/releases/tag/0.54.8
4
reference_url https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-jmrh-xmgh-x9j4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-04-09T14:36:58Z/
url https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-jmrh-xmgh-x9j4
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/changedetection-io/PYSEC-2026-28.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/changedetection-io/PYSEC-2026-28.yaml
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-35490
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-35490
7
reference_url https://github.com/advisories/GHSA-jmrh-xmgh-x9j4
reference_id GHSA-jmrh-xmgh-x9j4
reference_type
scores
url https://github.com/advisories/GHSA-jmrh-xmgh-x9j4
fixed_packages
0
url pkg:pypi/changedetection-io@0.54.8
purl pkg:pypi/changedetection-io@0.54.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6154-3xru-6bdz
1
vulnerability VCID-a7m7-dqk3-muf7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/changedetection-io@0.54.8
aliases CVE-2026-35490, GHSA-jmrh-xmgh-x9j4, PYSEC-2026-28
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pnn6-ap8j-6qhv
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/changedetection-io@0.50.42