Browse all 35 CVE security advisories affecting mastodon. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-36460 | Mastodon vulnerable to arbitrary file creation through media attachments — mastodon, CWE-22 | 10.0 | Critical | 2023-07-06 |
| CVE-2023-36459 | Mastodon vulnerable to Cross-site Scripting through oEmbed preview cards — mastodon, CWE-79 | 9.3 | Critical | 2023-07-06 |
| CVE-2023-28853 | Mastodon's blind LDAP injection in login allows the attacker to leak arbitrary attributes from LDAP database — mastodon, CWE-90 | 7.7 | High | 2023-04-04 |
| CVE-2022-2166 | Improper Restriction of Excessive Authentication Attempts in mastodon/mastodon — mastodon/mastodon, CWE-307 | 9.4 | - | 2022-11-16 |
| CVE-2022-0432 | Prototype Pollution in mastodon/mastodon — mastodon/mastodon, CWE-1321 | 9.6 | - | 2022-02-02 |
This page lists every published CVE security advisory associated with mastodon. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.