VYPR

Fedify

by Fedify Dev

Source repositories

CVEs (7)

  • CVE-2025-54888HigAug 9, 2025
    risk 0.50cvss epss 0.01

    Fedify is a TypeScript library for building federated server apps powered by ActivityPub. In versions below 1.3.20, 1.4.0-dev.585 through 1.4.12, 1.5.0-dev.636 through 1.5.4, 1.6.0-dev.754 through 1.6.7, 1.7.0-pr.251.885 through 1.7.8 and 1.8.0-dev.909 through 1.8.4, an…

  • CVE-2026-50131HigJun 10, 2026
    risk 0.49cvss 8.6epss 0.00

    Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network access in GHSA-p9cg-vqcc-grcx by adding public URL validation before runtime document and media fetching. However, the IPv4 validation…

  • CVE-2024-39687HigJul 5, 2024
    risk 0.40cvss 7.2epss 0.01

    Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. At present, when Fedify needs to retrieve an object or activity from a remote activitypub server, it makes a HTTP request to the `@id` or other resources present within…

  • CVE-2026-42462HigJun 10, 2026
    risk 0.39cvss 7.0epss 0.00

    Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2.2.3, an attacker can make use of JSON-LD features to restructure a JSON-LD document that would change how Fedify interprets it…

  • CVE-2025-23221MedJan 20, 2025
    risk 0.28cvss 5.4epss 0.01

    Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. This vulnerability allows a user to maneuver the Webfinger mechanism to perform a GET request to any internal resource on any Host, Port, URL combination regardless of…

  • CVE-2025-68475Dec 22, 2025
    risk 0.00cvss epss 0.00

    Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Fedify's document loader. The HTML parsing regex at…

  • CVE-2024-13874Apr 10, 2025
    risk 0.00cvss epss 0.00

    The Feedify WordPress plugin before 2.4.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin