CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/06/10 10:16 p.m.•6 views

CVE-2026-42462

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2.2.3, an attacker can make use of JSON-LD features to restructure a JSON-LD document that would change how Fedify interprets it without changing its...

7CVSS0.00249EPSS

EUVD•added 2026/06/10 8:27 p.m.•5 views

EUVD-2026-36132

Cvelist•added 2026/06/10 8:27 p.m.•25 views

CVE-2026-50131 Fedify has an incomplete SSRF mitigation after GHSA-p9cg-vqcc-grcx: validatePublicUrl allows special-use IPv4 ranges

8.6CVSS0.00269EPSS

Vulnrichment•added 2026/06/10 8:27 p.m.•6 views

CVE-2026-50131 Fedify has an incomplete SSRF mitigation after GHSA-p9cg-vqcc-grcx: validatePublicUrl allows special-use IPv4 ranges

EUVD•added 2026/06/10 8:22 p.m.•8 views

EUVD-2026-36127

7CVSS5.5AI score0.00249EPSS

Vulnrichment•added 2026/06/10 8:22 p.m.•5 views

CVE-2026-42462 Fedify has an LD-Signature Bypass via JSON-LD Named-Graph Restructuring

7CVSS5.5AI score0.00249EPSS

Cvelist•added 2026/06/10 8:22 p.m.•26 views

CVE-2026-42462 Fedify has an LD-Signature Bypass via JSON-LD Named-Graph Restructuring

7CVSS0.00249EPSS

CVE•added 2026/06/10 8:22 p.m.•13 views

CVE-2026-42462

CVE-2026-42462 describes an LD-Signature bypass in Fedify caused by JSON-LD named-graph restructuring. The issue allows an attacker to reorganize a signed JSON-LD payload (via features like @graph, @reverse, @included) in a way that changes how the signed ActivityPub activity is interpreted witho...

7CVSS5.5AI score0.00249EPSS

CNNVD•added 2026/06/10 12:0 a.m.•4 views

Fedify 代码问题漏洞

Fedify is a TypeScript library developed by Hong Minhee. It is used to build federated server applications that support ActivityPub and other standards. Versions of Fedify prior to 1.9.12, 1.10.11, 2.0.19, 2.1.15, and 2.2.4 have code vulnerabilities. These vulnerabilities stem from an incomplete...

CNNVD•added 2026/06/10 12:0 a.m.•5 views

Fedify 安全漏洞

Fedify is a TypeScript library developed by Hong Minhee. It is used to build federated server applications that support ActivityPub and other standards. Versions of Fedify prior to 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2.2.3 have security vulnerabilities. These vulnerabilities stem from attackers...

Positive Technologies•added 2026/06/10 12:0 a.m.•7 views

PT-2026-48548

vulnersOsv•added 2026/05/26 11:38 p.m.•2 views

@de-otio/trellis (>=0.4.0 <=0.7.1), @fedify/amqp (>=0.1.0 <=0.2.0-dev.12) +6 more potentially affected by CVE-2026-42462 via @fedify/fedify (>=0.10.2 <=1.9.0-dev.1516)

@fedify/fedify NPM version =0.10.2, =0.4.0, =0.1.0, =0.3.0, =0.3.0, =0.1.0, =0.1.0, =0.0.1, =0.1.0, =1.1.20 Source cves: CVE-2026-42462 Source advisory: OSV:GHSA-9RFG-V8G9-9367...

vulnersOsv•added 2026/05/26 11:38 p.m.•4 views

@de-otio/trellis (>=0.4.0 <=0.7.1), @fedify/amqp (>=0.1.0 <=0.2.0-dev.12) +6 more potentially affected by CVE-2026-42462 via @fedify/fedify (>=1.10.0 <=1.9.0-dev.1516)

@fedify/fedify NPM version =1.10.0, =0.4.0, =0.1.0, =0.3.0, =0.3.0, =0.1.0, =0.2.0, =0.0.1, =0.1.0, =1.1.20 Source cves: CVE-2026-42462 Source advisory: SNYK:JS-FEDIFYFEDIFY-16895732...

vulnersOsv•added 2026/05/26 11:38 p.m.•6 views

@fedify/botkit (>=0.4.0-dev.177 <=0.4.0-dev.181), @fedify/botkit-sqlite (>=0.4.0-dev.177 <=0.4.0-dev.181) potentially affected by CVE-2026-42462 via @fedify/fedify (=1.10.0)

@fedify/fedify NPM version =1.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on @fedify/fedify and may be impacted: - @fedify/botkit =0.4.0-dev.177, =0.4.0-dev.177, =0.4.0-dev.181 Source cves: CVE-2026-42462 Source advisory:...

vulnersOsv•added 2026/05/26 11:38 p.m.•3 views

@fedify/botkit (>=0.4.0-dev.177 <=0.4.0-dev.181), @fedify/botkit-sqlite (>=0.4.0-dev.177 <=0.4.0-dev.181) potentially affected by CVE-2026-42462 via @fedify/fedify (=1.10.0)

vulnersOsv•added 2026/05/26 11:38 p.m.•2 views

@fedify/cli (>=2.0.0 <=2.0.17) potentially affected by CVE-2026-42462 via @fedify/fedify (>=2.0.0 <=2.0.17)

@fedify/fedify NPM version =2.0.0, =2.0.0, =2.0.17 Source cves: CVE-2026-42462 Source advisory: OSV:GHSA-9RFG-V8G9-9367...

vulnersOsv•added 2026/05/26 11:38 p.m.•3 views

@fedify/botkit (>=0.4.0-dev.184 <=0.5.0-dev.198), @fedify/botkit-sqlite (>=0.4.0-dev.184 <=0.5.0-dev.198) +1 more potentially affected by CVE-2026-42462 via @fedify/fedify (>=2.1.0 <=2.1.13)

@fedify/fedify NPM version =2.1.0, =0.4.0-dev.184, =0.4.0-dev.184, =2.1.0, =2.1.13 Source cves: CVE-2026-42462 Source advisory: SNYK:JS-FEDIFYFEDIFY-16895732...

vulnersOsv•added 2026/05/26 11:38 p.m.•3 views

@fedify/botkit (>=0.4.0-dev.184 <=0.5.0-dev.198), @fedify/botkit-sqlite (>=0.4.0-dev.184 <=0.5.0-dev.198) +1 more potentially affected by CVE-2026-42462 via @fedify/fedify (>=2.1.0 <=2.1.13)

@fedify/fedify NPM version =2.1.0, =0.4.0-dev.184, =0.4.0-dev.184, =2.1.0, =2.1.13 Source cves: CVE-2026-42462 Source advisory: OSV:GHSA-9RFG-V8G9-9367...

vulnersOsv•added 2026/05/26 11:38 p.m.•2 views

@fedify/cli (>=2.2.0 <=2.2.3-dev.1098) potentially affected by CVE-2026-42462 via @fedify/fedify (>=2.2.0 <=2.2.3-dev.1098)

@fedify/fedify NPM version =2.2.0, =2.2.0, =2.2.3-dev.1098 Source cves: CVE-2026-42462 Source advisory: SNYK:JS-FEDIFYFEDIFY-16895732...