@fedify/fedify (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package @fedify/fedify, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (6)
CVE-2025-54888: Fedify is a TypeScript library for building federated server apps powered by ActivityPub. In versions below 1.3.20, 1.4.0-dev.585 through…
CVE-2025-68475 — CVSS 7.5 (high): Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and…
CVE-2026-34148 — CVSS 7.5 (high): Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to 1.9.6, 1.10.5, 2.0.8, and 2.1.1…
CVE-2024-39687 — CVSS 7.2 (high): Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. At present, when Fedify needs…
CVE-2026-42462 — CVSS 7.0 (high): Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.9.11, 1.10.10, 2.0.18…
CVE-2025-23221 — CVSS 5.4 (medium): Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. This vulnerability allows a…