CVE-2026-42462

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2.2.3, an attacker can make use of JSON-LD features to restructure a JSON-LD document that would change how Fedify interprets it without changing its...

EUVD-2026-36127

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2.2.3, an attacker can make use of JSON-LD features to restructure a JSON-LD document that would change how Fedify interprets it without changing its...

CVE-2026-42462 Fedify has an LD-Signature Bypass via JSON-LD Named-Graph Restructuring

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2.2.3, an attacker can make use of JSON-LD features to restructure a JSON-LD document that would change how Fedify interprets it without changing its...

Fedify 安全漏洞

Fedify is a TypeScript library developed by Hong Minhee. It is used to build federated server applications that support ActivityPub and other standards. Versions of Fedify prior to 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2.2.3 have security vulnerabilities. These vulnerabilities stem from attackers...

CVE-2026-4338

The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowed unauthenticated users to access drafts/scheduled/pending posts...

Fedify has an LD-Signature Bypass via JSON-LD Named-Graph Restructuring

As told on Discord earlier, multiple projects are affected, and we would like to coordinate. For now, we are aiming at a May 6th release date, but this is not set in stone yet. Summary An attacker can make use of JSON-LD features to restructure a JSON-LD document that would change how Fedify...

PT-2026-43443

Name of the Vulnerable Software and Affected Versions Fedify versions prior to 1.9.11 Fedify versions prior to 1.10.10 Fedify versions prior to 2.0.18 Fedify versions prior to 2.1.14 Fedify versions prior to 2.2.3 Description An attacker can utilize JSON-LD features to restructure a JSON-LD...

CVE-2026-40197

creationtimestamp| type| source ---|---|--- 2026-05-05 01:30:20+00:00| seen| https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3ml2zynvoipa2...

CVE-2026-42370

creationtimestamp| type| source ---|---|--- 2026-05-04 01:18:56+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mkyivhrpyd2w 2026-05-04 01:19:58+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mkyix5seejv2 2026-05-04...

CVE-2026-33450

creationtimestamp| type| source ---|---|--- 2026-04-30 21:22:04+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mkqkaw2txcl2 2026-04-30 22:01:15+00:00| seen| https://bsky.app/profile/euvd-bot.bsky.social/post/3mkqmh7g4mj2q 2026-04-30...

GHSA-C4QG-J8JG-42Q5

creationtimestamp| type| source ---|---|--- 2026-04-26 03:29:34+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mkemho5wntb2 2026-04-26 07:57:04+00:00| seen|...

CVE-2026-6437

creationtimestamp| type| source ---|---|--- 2026-04-17 19:48:06+00:00| seen| https://bsky.app/profile/Kubernetes.activitypub.awakari.com.ap.brid.gy/post/3mjpowzo7s4h2...

📄 Activitypub-federation-rust 0.7.1 Server-Side Request Forgery

This is a server-side request forgery scanner for Activitypub-federation-rust version 0.7.1. ================================================================================================================================== | Title : Activitypub-federation-rust 0.7.1 Lemmy ActivityPub SSRF Scanne...

WordPress ActivityPub Routing plugin < 8.0.2 - Unauthenticated Drafts/Scheduled/Pending Posts Disclosure vulnerability

Unauthenticated Drafts/Scheduled/Pending Posts Disclosure vulnerability discovered by ryuk kos0ng in WordPress Plugin ActivityPub versions 8.0.2...

CVE-2031-45862

creationtimestamp| type| source ---|---|--- 2026-04-10 16:12:26+00:00| seen| https://bsky.app/profile/Ubuntu.activitypub.awakari.com.ap.brid.gy/post/3mj5pmw6q7722...

EUVD-2026-20058

The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowed unauthenticated users to access drafts/scheduled/pending posts...

CVE-2026-4338

The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowed unauthenticated users to access drafts/scheduled/pending posts...

CVE-2026-4338 ActivityPub Routing < 8.0.2 - Unauthenticated Drafts/Scheduled/Pending Posts Disclosure

The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowed unauthenticated users to access drafts/scheduled/pending posts...

CVE-2026-4338 ActivityPub Routing < 8.0.2 - Unauthenticated Drafts/Scheduled/Pending Posts Disclosure

The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowed unauthenticated users to access drafts/scheduled/pending posts...

CVE-2026-4338

CVE-2026-4338 (ActivityPub Routing