All 5 CVE vulnerabilities found in fedify, with AI-generated Chinese analysis, references, and POCs.
Vendor: dahlia
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-34148 | Fedify affected by resource exhaustion caused by unbounded redirect following during remote key/document resolution | CWE-400 | 7.5 | High | 2026-04-06 |
| CVE-2025-68475 | Fedify has ReDoS Vulnerability in HTML Parsing Regex | CWE-1333 | 7.5 | High | 2025-12-22 |
| CVE-2025-54888 | @fedify/fedify: Improper Authentication and Incorrect Authorization | CWE-287 | 9.8 | - | 2025-08-09 |
| CVE-2025-23221 | Fedify has an Infinite loop and Blind SSRF found inside the Webfinger mechanism | CWE-835 | 5.4 | Medium | 2025-01-20 |
| CVE-2024-39687 | Fedify vulnerable to allowing access to internal network resources | CWE-918 | 7.2 | High | 2024-07-05 |