{"url":"http://public2.vulnerablecode.io/api/packages/951686?format=json","purl":"pkg:pypi/changedetection.io@0.51.2","type":"pypi","namespace":"","name":"changedetection.io","version":"0.51.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.55.1","latest_non_vulnerable_version":"0.55.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80757?format=json","vulnerability_id":"VCID-6r4e-eq4u-yuek","summary":"changedetection.io is a free open source web page change detection tool. In 0.54.9 and earlier, xpath_filter() switches to XML mode for XML/RSS content and creates etree.XMLParser(strip_cdata=False) without explicitly disabling external entity resolution, external DTD loading, or network-backed entity lookup. The helper then parses untrusted XML bytes directly with etree.fromstring(...).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41895","reference_id":"","reference_type":"","scores":[{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14724","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41895"},{"reference_url":"https://github.com/dgtlmoon/changedetection.io","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dgtlmoon/changedetection.io"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/changedetection-io/PYSEC-2026-29.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/changedetection-io/PYSEC-2026-29.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41895","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41895"},{"reference_url":"https://github.com/advisories/GHSA-v7cp-2cx9-x793","reference_id":"GHSA-v7cp-2cx9-x793","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v7cp-2cx9-x793"},{"reference_url":"https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-v7cp-2cx9-x793","reference_id":"GHSA-v7cp-2cx9-x793","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T15:09:28Z/"}],"url":"https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-v7cp-2cx9-x793"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1053930?format=json","purl":"pkg:pypi/changedetection.io@0.54.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fnhh-j4zf-7ya9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/changedetection.io@0.54.10"}],"aliases":["CVE-2026-41895","GHSA-v7cp-2cx9-x793","PYSEC-2026-29"],"risk_score":3.7,"exploitability":"0.5","weighted_severity":"7.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6r4e-eq4u-yuek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/73979?format=json","vulnerability_id":"VCID-6vhr-wdcn-byf8","summary":"changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, the changedetection.io application allows users to specify XPath expressions as content filters via the include_filters field. These XPath expressions are processed using the elementpath library which implements XPath 3.0/3.1 specification. XPath 3.0 includes the unparsed-text() function which can read arbitrary files from the filesystem. The application does not validate or sanitize XPath expressions to block dangerous functions, allowing an attacker to read any file accessible to the application process. This issue has been patched in version 0.54.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29039","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05731","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29039"},{"reference_url":"https://github.com/dgtlmoon/changedetection.io","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dgtlmoon/changedetection.io"},{"reference_url":"https://github.com/dgtlmoon/changedetection.io/releases/tag/0.54.4","reference_id":"0.54.4","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-09T19:58:13Z/"}],"url":"https://github.com/dgtlmoon/changedetection.io/releases/tag/0.54.4"},{"reference_url":"https://github.com/dgtlmoon/changedetection.io/commit/417d57e5749441e4be9acc4010369bded805d66f","reference_id":"417d57e5749441e4be9acc4010369bded805d66f","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-09T19:58:13Z/"}],"url":"https://github.com/dgtlmoon/changedetection.io/commit/417d57e5749441e4be9acc4010369bded805d66f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29039","reference_id":"CVE-2026-29039","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29039"},{"reference_url":"https://github.com/advisories/GHSA-6fmw-82m7-jq6p","reference_id":"GHSA-6fmw-82m7-jq6p","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6fmw-82m7-jq6p"},{"reference_url":"https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-6fmw-82m7-jq6p","reference_id":"GHSA-6fmw-82m7-jq6p","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-09T19:58:13Z/"}],"url":"https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-6fmw-82m7-jq6p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40204?format=json","purl":"pkg:pypi/changedetection.io@0.54.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6r4e-eq4u-yuek"},{"vulnerability":"VCID-fnhh-j4zf-7ya9"},{"vulnerability":"VCID-g9np-9kpd-d7hx"},{"vulnerability":"VCID-u9sm-antt-4yh9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/changedetection.io@0.54.4"}],"aliases":["CVE-2026-29039","GHSA-6fmw-82m7-jq6p"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6vhr-wdcn-byf8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74067?format=json","vulnerability_id":"VCID-b36q-52sb-tkd6","summary":"changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, there is a reflected cross-site scripting (XSS) vulnerability identified in the /rss/tag/ endpoint of changedetection.io. The tag_uuid path parameter is reflected directly in the HTTP response body without HTML escaping. Since Flask returns text/html by default for plain string responses, the browser parses and executes injected JavaScript. This issue has been patched in version 0.54.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29038","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05865","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29038"},{"reference_url":"https://github.com/dgtlmoon/changedetection.io","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dgtlmoon/changedetection.io"},{"reference_url":"https://github.com/dgtlmoon/changedetection.io/releases/tag/0.54.4","reference_id":"0.54.4","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-09T19:57:33Z/"}],"url":"https://github.com/dgtlmoon/changedetection.io/releases/tag/0.54.4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29038","reference_id":"CVE-2026-29038","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29038"},{"reference_url":"https://github.com/dgtlmoon/changedetection.io/commit/ec7d56f85d1e9690fca7cb4711c1fb20dffec780","reference_id":"ec7d56f85d1e9690fca7cb4711c1fb20dffec780","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-09T19:57:33Z/"}],"url":"https://github.com/dgtlmoon/changedetection.io/commit/ec7d56f85d1e9690fca7cb4711c1fb20dffec780"},{"reference_url":"https://github.com/advisories/GHSA-8whx-v8qq-pq64","reference_id":"GHSA-8whx-v8qq-pq64","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8whx-v8qq-pq64"},{"reference_url":"https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-8whx-v8qq-pq64","reference_id":"GHSA-8whx-v8qq-pq64","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-09T19:57:33Z/"}],"url":"https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-8whx-v8qq-pq64"},{"reference_url":"https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-mw8m-398g-h89w","reference_id":"GHSA-mw8m-398g-h89w","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-mw8m-398g-h89w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40204?format=json","purl":"pkg:pypi/changedetection.io@0.54.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6r4e-eq4u-yuek"},{"vulnerability":"VCID-fnhh-j4zf-7ya9"},{"vulnerability":"VCID-g9np-9kpd-d7hx"},{"vulnerability":"VCID-u9sm-antt-4yh9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/changedetection.io@0.54.4"}],"aliases":["CVE-2026-29038","GHSA-8whx-v8qq-pq64"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b36q-52sb-tkd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65513?format=json","vulnerability_id":"VCID-fnhh-j4zf-7ya9","summary":"changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application extracts the archive and copies each restored watch UUID directory directly into the live datastore using shutil.copytree(entry.path, dst_dir). This preserves attacker-controlled files inside the restored watch directory, including history.txt. After restore, the application parses history.txt in the watch history property and  returns the contents of the targeted local file. This vulnerability is fixed in 0.55.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43891","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11452","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43891"},{"reference_url":"https://github.com/advisories/GHSA-8757-69j2-hx56","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8757-69j2-hx56"},{"reference_url":"https://github.com/dgtlmoon/changedetection.io","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dgtlmoon/changedetection.io"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/changedetection-io/PYSEC-2026-30.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/changedetection-io/PYSEC-2026-30.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43891","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43891"},{"reference_url":"https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-8757-69j2-hx56","reference_id":"GHSA-8757-69j2-hx56","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T14:36:12Z/"}],"url":"https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-8757-69j2-hx56"},{"reference_url":"https://github.com/pocket-id/pocket-id/security/advisories/GHSA-w6p7-2fxx-4f44","reference_id":"GHSA-w6p7-2fxx-4f44","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pocket-id/pocket-id/security/advisories/GHSA-w6p7-2fxx-4f44"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376013?format=json","purl":"pkg:pypi/changedetection.io@0.55.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/changedetection.io@0.55.1"}],"aliases":["CVE-2026-43891","GHSA-8757-69j2-hx56","PYSEC-2026-30"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fnhh-j4zf-7ya9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78203?format=json","vulnerability_id":"VCID-g9np-9kpd-d7hx","summary":"changedetection.io is a free open source web page change detection tool. Prior to 0.54.7, the `jq:` and `jqraw:` include filter expressions allow use of the jq `env` builtin, which reads all process environment variables and stores them as the watch snapshot. An authenticated user (or unauthenticated user when no password is set, the default) can leak sensitive environment variables including `SALTED_PASS`, `PLAYWRIGHT_DRIVER_URL`, `HTTP_PROXY`, and any secrets passed as env vars to the container. Version 0.54.7 patches the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33981","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04917","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33981"},{"reference_url":"https://github.com/dgtlmoon/changedetection.io","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dgtlmoon/changedetection.io"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33981","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33981"},{"reference_url":"https://github.com/dgtlmoon/changedetection.io/releases/tag/0.54.7","reference_id":"0.54.7","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-30T18:36:19Z/"}],"url":"https://github.com/dgtlmoon/changedetection.io/releases/tag/0.54.7"},{"reference_url":"https://github.com/dgtlmoon/changedetection.io/commit/65517a9c74a0cbe1a4661314470b28131ef5557f","reference_id":"65517a9c74a0cbe1a4661314470b28131ef5557f","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-30T18:36:19Z/"}],"url":"https://github.com/dgtlmoon/changedetection.io/commit/65517a9c74a0cbe1a4661314470b28131ef5557f"},{"reference_url":"https://github.com/advisories/GHSA-58r7-4wr5-hfx8","reference_id":"GHSA-58r7-4wr5-hfx8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-58r7-4wr5-hfx8"},{"reference_url":"https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-58r7-4wr5-hfx8","reference_id":"GHSA-58r7-4wr5-hfx8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-30T18:36:19Z/"}],"url":"https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-58r7-4wr5-hfx8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375068?format=json","purl":"pkg:pypi/changedetection.io@0.54.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6r4e-eq4u-yuek"},{"vulnerability":"VCID-fnhh-j4zf-7ya9"},{"vulnerability":"VCID-u9sm-antt-4yh9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/changedetection.io@0.54.7"}],"aliases":["CVE-2026-33981","GHSA-58r7-4wr5-hfx8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g9np-9kpd-d7hx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79732?format=json","vulnerability_id":"VCID-gcdt-mdbg-f7c3","summary":"changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, changedetection.io is vulnerable to Server-Side Request Forgery (SSRF) because the URL validation function `is_safe_valid_url()` does not validate the resolved IP address of watch URLs against private, loopback, or link-local address ranges. An authenticated user (or any user when no password is configured, which is the default) can add a watch for internal network URLs. The application fetches these URLs server-side, stores the response content, and makes it viewable through the web UI — enabling full data exfiltration from internal services. Version 0.54.1 contains a fix for the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27696","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.0639","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27696"},{"reference_url":"https://github.com/dgtlmoon/changedetection.io","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dgtlmoon/changedetection.io"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27696","reference_id":"CVE-2026-27696","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27696"},{"reference_url":"https://github.com/dgtlmoon/changedetection.io/commit/fe7aa38c651d73fe5f41ce09855fa8f97193747b","reference_id":"fe7aa38c651d73fe5f41ce09855fa8f97193747b","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-25T14:51:00Z/"}],"url":"https://github.com/dgtlmoon/changedetection.io/commit/fe7aa38c651d73fe5f41ce09855fa8f97193747b"},{"reference_url":"https://github.com/advisories/GHSA-3c45-4pj5-ch7m","reference_id":"GHSA-3c45-4pj5-ch7m","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3c45-4pj5-ch7m"},{"reference_url":"https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-3c45-4pj5-ch7m","reference_id":"GHSA-3c45-4pj5-ch7m","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-25T14:51:00Z/"}],"url":"https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-3c45-4pj5-ch7m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39872?format=json","purl":"pkg:pypi/changedetection.io@0.54.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6r4e-eq4u-yuek"},{"vulnerability":"VCID-6vhr-wdcn-byf8"},{"vulnerability":"VCID-b36q-52sb-tkd6"},{"vulnerability":"VCID-fnhh-j4zf-7ya9"},{"vulnerability":"VCID-g9np-9kpd-d7hx"},{"vulnerability":"VCID-tkfe-t9cg-yqb3"},{"vulnerability":"VCID-u9sm-antt-4yh9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/changedetection.io@0.54.1"}],"aliases":["CVE-2026-27696","GHSA-3c45-4pj5-ch7m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gcdt-mdbg-f7c3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79885?format=json","vulnerability_id":"VCID-mfn1-axbk-suf9","summary":"changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, the RSS single-watch endpoint reflects the UUID path parameter directly in the HTTP response body without HTML escaping. Since Flask returns text/html by default for plain string responses, the browser parses and executes injected JavaScript. Version 0.54.1 contains a fix for the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27645","reference_id":"","reference_type":"","scores":[{"value":"0.00715","scoring_system":"epss","scoring_elements":"0.72825","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27645"},{"reference_url":"https://github.com/dgtlmoon/changedetection.io","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dgtlmoon/changedetection.io"},{"reference_url":"https://github.com/dgtlmoon/changedetection.io/commit/a385c89abf44b52fcfa20c7c6a6dd3047c4c1eb5","reference_id":"a385c89abf44b52fcfa20c7c6a6dd3047c4c1eb5","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T14:55:52Z/"}],"url":"https://github.com/dgtlmoon/changedetection.io/commit/a385c89abf44b52fcfa20c7c6a6dd3047c4c1eb5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27645","reference_id":"CVE-2026-27645","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27645"},{"reference_url":"https://github.com/advisories/GHSA-mw8m-398g-h89w","reference_id":"GHSA-mw8m-398g-h89w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mw8m-398g-h89w"},{"reference_url":"https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-mw8m-398g-h89w","reference_id":"GHSA-mw8m-398g-h89w","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T14:55:52Z/"}],"url":"https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-mw8m-398g-h89w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39871?format=json","purl":"pkg:pypi/changedetection.io@0.53.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6r4e-eq4u-yuek"},{"vulnerability":"VCID-6vhr-wdcn-byf8"},{"vulnerability":"VCID-b36q-52sb-tkd6"},{"vulnerability":"VCID-fnhh-j4zf-7ya9"},{"vulnerability":"VCID-g9np-9kpd-d7hx"},{"vulnerability":"VCID-gcdt-mdbg-f7c3"},{"vulnerability":"VCID-tkfe-t9cg-yqb3"},{"vulnerability":"VCID-u9sm-antt-4yh9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/changedetection.io@0.53.7"}],"aliases":["CVE-2026-27645","GHSA-mw8m-398g-h89w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mfn1-axbk-suf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74002?format=json","vulnerability_id":"VCID-tkfe-t9cg-yqb3","summary":"changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, a Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via path traversal in uploaded ZIP archives. This issue has been patched in version 0.54.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29065","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.0932","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29065"},{"reference_url":"https://github.com/dgtlmoon/changedetection.io","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dgtlmoon/changedetection.io"},{"reference_url":"https://github.com/dgtlmoon/changedetection.io/releases/tag/0.54.4","reference_id":"0.54.4","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-03-09T19:59:02Z/"}],"url":"https://github.com/dgtlmoon/changedetection.io/releases/tag/0.54.4"},{"reference_url":"https://github.com/dgtlmoon/changedetection.io/commit/1d7d812eb0faab37042246e2fbce04f29bb1b3aa","reference_id":"1d7d812eb0faab37042246e2fbce04f29bb1b3aa","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-03-09T19:59:02Z/"}],"url":"https://github.com/dgtlmoon/changedetection.io/commit/1d7d812eb0faab37042246e2fbce04f29bb1b3aa"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29065","reference_id":"CVE-2026-29065","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29065"},{"reference_url":"https://github.com/advisories/GHSA-25g8-2mcf-fcx9","reference_id":"GHSA-25g8-2mcf-fcx9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-25g8-2mcf-fcx9"},{"reference_url":"https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-25g8-2mcf-fcx9","reference_id":"GHSA-25g8-2mcf-fcx9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-03-09T19:59:02Z/"}],"url":"https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-25g8-2mcf-fcx9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40204?format=json","purl":"pkg:pypi/changedetection.io@0.54.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6r4e-eq4u-yuek"},{"vulnerability":"VCID-fnhh-j4zf-7ya9"},{"vulnerability":"VCID-g9np-9kpd-d7hx"},{"vulnerability":"VCID-u9sm-antt-4yh9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/changedetection.io@0.54.4"}],"aliases":["CVE-2026-29065","GHSA-25g8-2mcf-fcx9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tkfe-t9cg-yqb3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71878?format=json","vulnerability_id":"VCID-u9sm-antt-4yh9","summary":"changedetection.io is a free open source web page change detection tool. Prior to 0.54.8, the @login_optionally_required decorator is placed before (outer to) @blueprint.route() instead of after it. In Flask, @route() must be the outermost decorator because it registers the function it receives. When the order is reversed, @route() registers the original undecorated function, and the auth wrapper is never in the call chain. This silently disables authentication on these routes. This vulnerability is fixed in 0.54.8.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35490","reference_id":"","reference_type":"","scores":[{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.09249","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35490"},{"reference_url":"https://github.com/dgtlmoon/changedetection.io","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dgtlmoon/changedetection.io"},{"reference_url":"https://github.com/dgtlmoon/changedetection.io/commit/31a760c2147e3e73a403baf6d7de34dc50429c85","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dgtlmoon/changedetection.io/commit/31a760c2147e3e73a403baf6d7de34dc50429c85"},{"reference_url":"https://github.com/dgtlmoon/changedetection.io/releases/tag/0.54.8","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dgtlmoon/changedetection.io/releases/tag/0.54.8"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/changedetection-io/PYSEC-2026-28.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/changedetection-io/PYSEC-2026-28.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35490","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35490"},{"reference_url":"https://github.com/advisories/GHSA-jmrh-xmgh-x9j4","reference_id":"GHSA-jmrh-xmgh-x9j4","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jmrh-xmgh-x9j4"},{"reference_url":"https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-jmrh-xmgh-x9j4","reference_id":"GHSA-jmrh-xmgh-x9j4","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-04-09T14:36:58Z/"}],"url":"https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-jmrh-xmgh-x9j4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374156?format=json","purl":"pkg:pypi/changedetection.io@0.54.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6r4e-eq4u-yuek"},{"vulnerability":"VCID-fnhh-j4zf-7ya9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/changedetection.io@0.54.8"}],"aliases":["CVE-2026-35490","GHSA-jmrh-xmgh-x9j4","PYSEC-2026-28"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u9sm-antt-4yh9"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/changedetection.io@0.51.2"}