changedetection.io vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-43891Highchangedetection.io: changedetection.io has an Arbitrary Local File Read via a crafted backup restoreCVE-2026-41895Highchangedetection.io: changedetection.io project has an XXE vulnerabilityCVE-2026-35490Criticalchangedetection.io: changedetection.io Vulnerable to Authentication Bypass via Decorator OrderingCVE-2026-33981Highchangedetection.io: Changedetection.io Discloses Environment Variables via jq env Builtin in Include FiltersCVE-2026-29065Highchangedetection.io: changedetection.io has Zip Slip vulnerability in the backup restore functionalityCVE-2026-29039Highchangedetection.io: changedetection.io vulnerable to XPath - Arbitrary File Read via unparsed-text()CVE-2026-29038Mediumchangedetection.io: changedetection.io has Reflected XSS in its RSS Tag Error ResponseCVE-2026-27696Highchangedetection.io: changedetection.io is Vulnerable to SSRF via Watch URLsCVE-2026-27645Mediumchangedetection.io: changedetection.io Vulnerable to Reflected XSS in RSS Single Watch Error ResponseCVE-2025-62780Lowchangedetection.io: changedetection.io: Stored XSS in Watch update via APICVE-2025-52558Highchangedetection.io: ChangeDetection.io XSS in watch overviewCVE-2024-56509Highchangedetection.io: changedetection.io Vulnerable to Improper Input Validation Leading to LFR/Path TraversalCVE-2024-51998Highchangedetection.io: changedetection.io path traversal using file URI scheme without supplying hostnameCVE-2024-51483Mediumchangedetection.io: changedetection.io Path TraversalCVE-2024-32651Criticalchangedetection.io: changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command…CVE-2024-34061Mediumchangedetection.io: changedetection.io Cross-site Scripting vulnerabilityCVE-2024-23329Lowchangedetection.io: changedetection.io API endpoint is not secured with API tokenCVE-2023-24769Mediumchangedetection.io: Stored cross site scripting in changedetection.io

Stop the waste.
Protect your environment with Kodem.