Overview · dgtlmoon/changedetection.io · GitHub

Security

No security policy detected

This project has not set up a SECURITY.md file yet.

Report a vulnerability

Arbitrary Local File Read via crafted backup restore
GHSA-8757-69j2-hx56 published Apr 27, 2026 by dgtlmoon

High
# changedetection.io_XXE_01 Vulnerability Report: We discovered a XXE vulnerability in the changedetection.io project
GHSA-v7cp-2cx9-x793 published Apr 27, 2026 by dgtlmoon

Moderate
Authentication Bypass via Decorator Ordering
GHSA-jmrh-xmgh-x9j4 published Apr 4, 2026 by dgtlmoon

Critical
Environment Variable Disclosure via jq env Builtin in Include Filters
GHSA-58r7-4wr5-hfx8 published Mar 26, 2026 by dgtlmoon

High
Zip Slip vulnerability in the backup restore functionality, zip bomb size protection
GHSA-25g8-2mcf-fcx9 published Mar 4, 2026 by dgtlmoon

Critical
XPath - Arbitrary File Read via unparsed-text()
GHSA-6fmw-82m7-jq6p published Mar 4, 2026 by dgtlmoon

Critical
Reflected XSS in RSS Tag Error Response - Latest Version (v0.54.1)
GHSA-8whx-v8qq-pq64 published Mar 4, 2026 by dgtlmoon

Moderate
Reflected XSS in RSS Single Watch Error Response <= (v0.53.6)
GHSA-mw8m-398g-h89w published Feb 23, 2026 by dgtlmoon

Moderate
Server-Side Request Forgery (SSRF) via Watch URLs
GHSA-3c45-4pj5-ch7m published Feb 23, 2026 by dgtlmoon

High
Unauthenticated static path traversal
GHSA-9jj8-v89v-xjvw published Feb 16, 2026 by dgtlmoon

Moderate

Learn more about advisories related to dgtlmoon/changedetection.io in the GitHub Advisory Database