VYPR

Hollo

by Fedify Dev

Source repositories

CVEs (2)

  • CVE-2025-53941MedJul 17, 2025
    risk 0.33cvss 6.1epss 0.00

    Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Versions prior to 0.6.5 allow HTML form elements to be submitted, making the software vulnerable to HTML injection. Version 0.6.5 fixes the issue.

  • CVE-2026-25808Feb 9, 2026
    risk 0.00cvss epss 0.00

    Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Prior to 0.6.20 and 0.7.2, there is a security vulnerability where DMs and followers-only posts were exposed through the ActivityPub outbox endpoint without authorization. This…