Browse all 4 CVE security advisories affecting fedify-dev. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Fedify-dev is a federated identity management framework primarily used for implementing OAuth and OpenID Connect protocols in web applications. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and insecure default configurations. The project maintains four CVE records, with notable issues including authentication bypass flaws and insecure object references. While no major public security incidents have been documented, the consistent presence of critical vulnerabilities in past versions indicates a need for rigorous input sanitization and secure coding practices. Regular security audits and prompt patching are recommended for implementations handling sensitive authentication data.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-25808 | Hollo DMs get leaked and can be seen on Webfinger Browser — holloCWE-862 | 7.5 | High | 2026-02-09 |
| CVE-2025-68475 | Fedify has ReDoS Vulnerability in HTML Parsing Regex — fedifyCWE-1333 | 7.5 | High | 2025-12-22 |
| CVE-2025-54888 | @fedify/fedify: Improper Authentication and Incorrect Authorization — fedifyCWE-287 | 9.8 | - | 2025-08-09 |
| CVE-2025-53941 | Hollo renders posts received with form elements and allows submission — holloCWE-79 | 6.1 | Medium | 2025-07-17 |
This page lists every published CVE security advisory associated with fedify-dev. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.