Dgtlmoon Changedetection.io
19 CVEs affecting Dgtlmoon Changedetection.io. Latest disclosed: 2026-05-12. Critical: 2, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-32651 | Critical | 10.0 | 2024-04-25 | changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Inje… |
CVE-2026-35490 | Critical | 9.8 | 2026-04-07 | changedetection.io is a free open source web page change detection tool. Prior to 0.54.8, the @login_optionally_required decorator is placed before (outer to)… |
CVE-2026-27696 | High | 8.6 | 2026-02-25 | changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, changedetection.io is vulnerable to Server-Side Request F… |
CVE-2024-56509 | High | 8.6 | 2024-12-27 | changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Improper input validation in the… |
CVE-2024-51998 | High | 8.6 | 2024-11-07 | changedetection.io is a free open source web page change detection tool. The validation for the file URI scheme falls short, and results in an attacker being a… |
CVE-2026-43891 | High | 7.5 | 2026-05-12 | changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot… |
CVE-2026-41895 | High | 7.5 | 2026-05-12 | changedetection.io is a free open source web page change detection tool. In 0.54.9 and earlier, xpath_filter() switches to XML mode for XML/RSS content and cre… |
CVE-2026-35000 | Medium | 6.5 | 2026-04-01 | ChangeDetection.io versions prior to 0.54.7 contain a protection bypass vulnerability in the SafeXPath3Parser implementation that allows attackers to read arbi… |
CVE-2026-29038 | Medium | 6.1 | 2026-03-06 | changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, there is a reflected cross-site scripting (XSS) vulnerability… |
CVE-2026-27645 | Medium | 6.1 | 2026-02-25 | changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, the RSS single-watch endpoint reflects the UUID path para… |
CVE-2026-25527 | Medium | 5.3 | 2026-02-19 | changedetection.io is a free open source web page change detection tool. In versions prior to 0.53.2, the `/static/<group>/<filename>` route accepts `group="… |
CVE-2024-34061 | Medium | 4.3 | 2024-05-02 | changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. In affected versions Input in pa… |
CVE-2024-23329 | Low | 3.7 | 2024-01-19 | changedetection.io is an open source tool designed to monitor websites for content changes. In affected versions the API endpoint `/api/v1/watch/<uuid>/histor… |
CVE-2025-62780 | Low | 3.5 | 2025-11-10 | changedetection.io is a free open source web page change detection tool. A Stored Cross Site Scripting is present in changedetection.io Watch update API in ver… |
CVE-2026-33981 | | 2026-03-27 | changedetection.io is a free open source web page change detection tool. Prior to 0.54.7, the `jq:` and `jqraw:` include filter expressions allow use of the jq… | |
CVE-2026-29065 | | 2026-03-06 | changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, a Zip Slip vulnerability in the backup restore functionality… | |
CVE-2026-29039 | | 2026-03-06 | changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, the changedetection.io application allows users to specify XP… | |
CVE-2025-52558 | | 2025-06-23 | changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Prior to version 0.50.4, errors… | |
CVE-2024-51483 | | 2024-11-01 | changedetection.io is free, open source web page change detection software. Prior to version 0.47.5, when a WebDriver is used to fetch files, `source:file:///e… |