activitypub_federation (crates.io) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the crates.io package activitypub_federation, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (2)
CVE-2026-33693 — CVSS 6.5 (medium): Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.7.0-beta.9, the `v4_is_invalid()` function in…
CVE-2025-25194 — CVSS 4.0 (medium): Lemmy, a link aggregator and forum for the fediverse, is vulnerable to server-side request forgery via a dependency on…