
mastodon — Vulnerabilities & Security Advisories (35)

Browse all 35 CVE security advisories affecting mastodon. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by mastodon: mastodon/mastodon

CVE ID | Title | CWE | CVSS | Severity | Published
--- | --- | --- | --- | --- | ---
CVE-2026-41259 | Mastodon: Insufficient verification of email addresses | CWE-841 | 4.3 (AI) | Medium (AI) | 2026-04-23
CVE-2026-33869 | Mastodon has a denial of service for quote authorization | CWE-863 | 4.8 | Medium | 2026-03-27
CVE-2026-33868 | Mastodon has a GET-based open redirect via '/web/%2F<domain>' | CWE-601 | 4.3 | Medium | 2026-03-27
CVE-2026-27477 | Mastodon has SSRF via unvalidated FASP Provider base_url | CWE-918 | 6.5 | - | 2026-02-24
CVE-2026-27468 | Mastodon may allow unconfirmed FASP to make subscriptions | CWE-862 | 6.7 | - | 2026-02-24
CVE-2026-25540 | Mastodon's signature-dependent ActivityPub collection responses cached under signature-independent keys (web cache poisoning via `Rails.cache`) | CWE-524 | 6.5 | Medium | 2026-02-04
CVE-2026-23964 | Mastodon has insufficient access control to push notification settings | CWE-863 | 6.5 | Medium | 2026-01-22
CVE-2026-23963 | Mastodon missing length limits on list names, filter names, and filter keywords | CWE-770 | 4.3 | Medium | 2026-01-22
CVE-2026-23962 | Mastodon vulnerable to denial of service from a single post (client/server) | CWE-770 | 7.5 | High | 2026-01-22
CVE-2026-23961 | Mastodon may allow a remote suspension bypass | CWE-863 | 5.3 | Medium | 2026-01-22
CVE-2026-22246 | Local Mastodon users can enumerate and access severed relationships of every other local user | CWE-201 | 6.5 | Medium | 2026-01-08
CVE-2026-22245 | Mastodon has SSRF protection bypass | CWE-918 | 9.4 | - | 2026-01-08
CVE-2025-67500 | Mastodon error handling discrepancy enables private status existence enumeration | CWE-204 | 3.7 | Low | 2025-12-09
CVE-2025-62605 | Mastodon quotes control can be bypassed | CWE-754 | 4.3 | Medium | 2025-10-21
CVE-2025-62176 | Mastodon streaming server allows OAuth clients without the `read` scope to subscribe to public channels | CWE-280 | 4.3 | Medium | 2025-10-13
CVE-2025-62175 | Mastodon streaming API fails to disconnect disabled and suspended users | CWE-273 | 4.3 | Medium | 2025-10-13
CVE-2025-62174 | Mastodon allows continued access after password reset via CLI | CWE-613 | 3.5 | Low | 2025-10-13
CVE-2025-54879 | Mastodon e-mail throttle misconfiguration allows unlimited email confirmations against unconfirmed emails | CWE-770 | 5.3 | Medium | 2025-08-05
CVE-2025-27399 | Mastodon's domain blocks & rationales ignore user approval when visibility is set to "users" | CWE-200 | 5.3 | Medium | 2025-02-27
CVE-2025-27157 | Mastodon's rate limits are missing on `/auth/setup` | CWE-770 | 5.3 | Medium | 2025-02-27
CVE-2024-37903 | Mastodon has improper authorship check on audience extension for existing posts | CWE-862 | 8.2 | High | 2024-07-05
CVE-2024-25623 | Lack of media type verification of Activity Streams objects allows impersonation of remote accounts | CWE-434 | 8.5 | High | 2024-02-19
CVE-2024-25619 | Destroying OAuth applications doesn't notify Streaming of access tokens being destroyed in mastodon | CWE-613 | 3.1 | Low | 2024-02-14
CVE-2024-25618 | External OpenID Connect account takeover by e-mail change in mastodon | CWE-287 | 4.2 | Medium | 2024-02-14
CVE-2024-23832 | Mastodon remote user impersonation and takeover | CWE-290 | 9.4 | Critical | 2024-02-01
CVE-2023-42452 | Mastodon vulnerable to stored XSS through the translation feature | CWE-79 | 6.1 | Medium | 2023-09-19
CVE-2023-42451 | Mastodon invalid domain name normalization vulnerability | CWE-706 | 7.4 | High | 2023-09-19
CVE-2023-42450 | Mastodon server-side request forgery vulnerability | CWE-918 | 5.4 | Medium | 2023-09-19
CVE-2023-36462 | Mastodon's verified profile links can be formatted in a misleading way | CWE-20 | 5.4 | Medium | 2023-07-06
CVE-2023-36461 | Mastodon vulnerable to denial of service through slow HTTP responses | CWE-770 | 7.5 | High | 2023-07-06

"(AI)" marks a CVSS score or severity that was estimated automatically rather than assigned by the advisory; "-" means no severity rating was published.

This page lists every published CVE security advisory associated with mastodon. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.