VYPR

changedetection.io

by changedetection.io

pypi: changedetection.io

CVEs (2)

  • CVE-2023-24769MedFeb 17, 2023
    risk 0.28cvss 5.4epss 0.01

    Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter under the "Add a…

  • CVE-2026-25527Feb 19, 2026
    risk 0.00cvss epss 0.01

    changedetection.io is a free open source web page change detection tool. In versions prior to 0.53.2, the `/static//` route accepts `group=".."`, which causes `send_from_directory("static/..", filename)` to execute. This moves the base directory up to…