Security: dgtlmoon/changedetection.io
Security
No security policy detected
This project has not set up a SECURITY.md file yet.
Report a vulnerability-
Zip Slip vulnerability in the backup restore functionality, zip bomb size protectionGHSA-25g8-2mcf-fcx9 published
Mar 4, 2026 by dgtlmoonCritical -
XPath - Arbitrary File Read via unparsed-text()GHSA-6fmw-82m7-jq6p published
Mar 4, 2026 by dgtlmoonCritical -
Reflected XSS in RSS Tag Error Response - Latest Version (v0.54.1)GHSA-8whx-v8qq-pq64 published
Mar 4, 2026 by dgtlmoonModerate -
Reflected XSS in RSS Single Watch Error Response <= (v0.53.6)GHSA-mw8m-398g-h89w published
Feb 23, 2026 by dgtlmoonModerate -
Server-Side Request Forgery (SSRF) via Watch URLsGHSA-3c45-4pj5-ch7m published
Feb 23, 2026 by dgtlmoonHigh -
Unauthenticated static path traversalGHSA-9jj8-v89v-xjvw published
Feb 16, 2026 by dgtlmoonModerate -
Stored XSS in Watch update via APIGHSA-4c3j-3h7v-22q9 published
Nov 10, 2025 by dgtlmoonLow -
XSS In watch overview, failure to fully filter error texts generated by website page change filtersGHSA-hwpg-x5hw-vpv9 published
Jun 21, 2025 by dgtlmoonHigh -
Improper Input Validation Leading to LFR/Path TraversalGHSA-j5vv-6wjg-cfr8 published
Dec 27, 2024 by dgtlmoonHigh -
Path traversal using file URI scheme without supplying hostnameGHSA-6jrf-rcjf-245r published
Nov 7, 2024 by dgtlmoonHigh
Learn more about advisories related to dgtlmoon/changedetection.io in the GitHub Advisory Database