Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/changedetection-io@0.45.24
Typepypi
Namespace
Namechangedetection-io
Version0.45.24
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version0.55.1
Latest_non_vulnerable_version0.55.1
Affected_by_vulnerabilities
0
url VCID-6aa7-urwd-tqgw
vulnerability_id VCID-6aa7-urwd-tqgw
summary changedetection.io is a free open source web page change detection tool. In 0.54.9 and earlier, xpath_filter() switches to XML mode for XML/RSS content and creates etree.XMLParser(strip_cdata=False) without explicitly disabling external entity resolution, external DTD loading, or network-backed entity lookup. The helper then parses untrusted XML bytes directly with etree.fromstring(...).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-41895
reference_id
reference_type
scores
0
value 0.00046
scoring_system epss
scoring_elements 0.14682
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-41895
1
reference_url https://github.com/dgtlmoon/changedetection.io
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dgtlmoon/changedetection.io
2
reference_url https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-v7cp-2cx9-x793
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T15:09:28Z/
url https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-v7cp-2cx9-x793
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-41895
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-41895
4
reference_url https://github.com/advisories/GHSA-v7cp-2cx9-x793
reference_id GHSA-v7cp-2cx9-x793
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v7cp-2cx9-x793
fixed_packages
0
url pkg:pypi/changedetection-io@0.54.10
purl pkg:pypi/changedetection-io@0.54.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f4ss-7wu5-wqde
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/changedetection-io@0.54.10
aliases CVE-2026-41895, GHSA-v7cp-2cx9-x793, PYSEC-2026-29
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6aa7-urwd-tqgw
1
url VCID-a156-qupb-eqcv
vulnerability_id VCID-a156-qupb-eqcv
summary changedetection.io is a free open source web page change detection tool. A Stored Cross Site Scripting is present in changedetection.io Watch update API in versions prior to 0.50.34 due to insufficient security checks. Two scenarios are possible. In the first, an attacker can insert a new watch with an arbitrary URL which really points to a web page. Once the HTML content is retrieved, the attacker updates the URL with a JavaScript payload. In the second, an attacker substitutes the URL in an existing watch with a new URL that is in reality a JavaScript payload. When the user clicks on *Preview* and then on the malicious link, the JavaScript malicious code is executed. Version 0.50.34 fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-62780
reference_id
reference_type
scores
0
value 0.00083
scoring_system epss
scoring_elements 0.24222
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-62780
1
reference_url https://github.com/dgtlmoon/changedetection.io
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/dgtlmoon/changedetection.io
2
reference_url https://github.com/dgtlmoon/changedetection.io/issues/3562
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/dgtlmoon/changedetection.io/issues/3562
3
reference_url https://github.com/dgtlmoon/changedetection.io/pull/3564
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/dgtlmoon/changedetection.io/pull/3564
4
reference_url https://github.com/dgtlmoon/changedetection.io/releases/tag/0.50.34
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/dgtlmoon/changedetection.io/releases/tag/0.50.34
5
reference_url https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-4c3j-3h7v-22q9
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value LOW
scoring_system cvssv3.1_qr
scoring_elements
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-10T21:43:49Z/
url https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-4c3j-3h7v-22q9
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-62780
reference_id CVE-2025-62780
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-62780
7
reference_url https://github.com/advisories/GHSA-4c3j-3h7v-22q9
reference_id GHSA-4c3j-3h7v-22q9
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4c3j-3h7v-22q9
fixed_packages
0
url pkg:pypi/changedetection-io@0.50.34
purl pkg:pypi/changedetection-io@0.50.34
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6aa7-urwd-tqgw
1
vulnerability VCID-ek84-hjsn-yya7
2
vulnerability VCID-f4ss-7wu5-wqde
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/changedetection-io@0.50.34
aliases CVE-2025-62780, GHSA-4c3j-3h7v-22q9, PYSEC-2025-91
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a156-qupb-eqcv
2
url VCID-ek84-hjsn-yya7
vulnerability_id VCID-ek84-hjsn-yya7
summary changedetection.io is a free open source web page change detection tool. Prior to 0.54.8, the @login_optionally_required decorator is placed before (outer to) @blueprint.route() instead of after it. In Flask, @route() must be the outermost decorator because it registers the function it receives. When the order is reversed, @route() registers the original undecorated function, and the auth wrapper is never in the call chain. This silently disables authentication on these routes. This vulnerability is fixed in 0.54.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-35490
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.09274
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-35490
1
reference_url https://github.com/dgtlmoon/changedetection.io
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/dgtlmoon/changedetection.io
2
reference_url https://github.com/dgtlmoon/changedetection.io/commit/31a760c2147e3e73a403baf6d7de34dc50429c85
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/dgtlmoon/changedetection.io/commit/31a760c2147e3e73a403baf6d7de34dc50429c85
3
reference_url https://github.com/dgtlmoon/changedetection.io/releases/tag/0.54.8
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/dgtlmoon/changedetection.io/releases/tag/0.54.8
4
reference_url https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-jmrh-xmgh-x9j4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-04-09T14:36:58Z/
url https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-jmrh-xmgh-x9j4
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-35490
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-35490
6
reference_url https://github.com/advisories/GHSA-jmrh-xmgh-x9j4
reference_id GHSA-jmrh-xmgh-x9j4
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jmrh-xmgh-x9j4
fixed_packages
0
url pkg:pypi/changedetection-io@0.54.8
purl pkg:pypi/changedetection-io@0.54.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6aa7-urwd-tqgw
1
vulnerability VCID-f4ss-7wu5-wqde
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/changedetection-io@0.54.8
aliases CVE-2026-35490, GHSA-jmrh-xmgh-x9j4, PYSEC-2026-28
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ek84-hjsn-yya7
3
url VCID-f4ss-7wu5-wqde
vulnerability_id VCID-f4ss-7wu5-wqde
summary changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application extracts the archive and copies each restored watch UUID directory directly into the live datastore using shutil.copytree(entry.path, dst_dir). This preserves attacker-controlled files inside the restored watch directory, including history.txt. After restore, the application parses history.txt in the watch history property and returns the contents of the targeted local file. This vulnerability is fixed in 0.55.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-43891
reference_id
reference_type
scores
0
value 0.00037
scoring_system epss
scoring_elements 0.11462
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-43891
1
reference_url https://github.com/dgtlmoon/changedetection.io
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dgtlmoon/changedetection.io
2
reference_url https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-8757-69j2-hx56
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T14:36:12Z/
url https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-8757-69j2-hx56
3
reference_url https://github.com/pocket-id/pocket-id/security/advisories/GHSA-w6p7-2fxx-4f44
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pocket-id/pocket-id/security/advisories/GHSA-w6p7-2fxx-4f44
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-43891
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-43891
5
reference_url https://github.com/advisories/GHSA-8757-69j2-hx56
reference_id GHSA-8757-69j2-hx56
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8757-69j2-hx56
fixed_packages
0
url pkg:pypi/changedetection-io@0.55.1
purl pkg:pypi/changedetection-io@0.55.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/changedetection-io@0.55.1
aliases CVE-2026-43891, GHSA-8757-69j2-hx56, PYSEC-2026-30
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f4ss-7wu5-wqde
Fixing_vulnerabilities
Risk_score4.4
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/changedetection-io@0.45.24