Browse all 4 CVE security advisories affecting pixelfed. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Pixelfed serves as a decentralized photo-sharing platform alternative to mainstream social media, enabling users to share images while maintaining data ownership. Historically, the application has been susceptible to multiple security classes including remote code execution, cross-site scripting, and privilege escalation vulnerabilities, as evidenced by its four recorded CVEs. Notable security characteristics include its federated nature through the ActivityPub protocol, which distributes risk across instances. While no major public security incidents have been widely reported, the consistent discovery of vulnerabilities in areas like improper input validation and access control highlights the importance of regular security assessments for this federated media platform.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-30741 | Pixelfed security vulnerability | Pixelfed | CWE-863 | 4.3 | Medium | 2025-03-25 |
| CVE-2024-25108 | Insufficient authorization allowing elevated access to resources in pixelfed | pixelfed | CWE-280 | 9.9 | Critical | 2024-02-12 |
| CVE-2023-0914 | Improper Authorization in pixelfed/pixelfed | pixelfed/pixelfed | CWE-285 | 7.1 | - | 2023-02-19 |
| CVE-2023-0901 | Exposure of Sensitive Information to an Unauthorized Actor in pixelfed/pixelfed | pixelfed/pixelfed | CWE-200 | 5.3 | - | 2023-02-18 |

This page lists every published CVE security advisory associated with pixelfed. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.