Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

lemmy — Vulnerabilities & Security Advisories 6

All 6 CVE vulnerabilities found in lemmy, with AI-generated Chinese analysis, references, and POCs.

Vendor: LemmyNet

CVE IDTitleCVSSSeverityPublished
CVE-2026-42180 Lemmy: SSRF in /api/v3/post via Webmention dispatch CWE-918 6.3 Medium2026-05-08
CVE-2026-42181 Lemmy: SSRF and internal image disclosure in post link metadata via unvalidated og:image CWE-918 6.5 Medium2026-05-08
CVE-2026-33693 Lemmy's Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid() CWE-918 6.5 Medium2026-03-27
CVE-2026-29178 Lemmy: Unauthenticated SSRF via file_type query parameter injection in image endpoint CWE-918 7.5 -2026-03-06
CVE-2025-25194 Server-Side Request Forgery (SSRF) in activitypub_federation CWE-918 4.0 Medium2025-02-10
CVE-2024-23649 Any authenticated user may obtain private message details from other users on the same instance CWE-285 7.5 High2024-01-24

All 6 known CVE vulnerabilities affecting lemmy with full Chinese analysis, references, and POCs where available.