An ActivityPub server framework
95%
Total Score
100
67
100
100
100
| Title | Versions | Severity |
|---|---|---|
AIKIDO-2026-11096 @fedify/fedify is vulnerable to Server-Side Request Forgery (SSRF) in versions 0.0.1 - 1.9.11 and 1.10.0 - 1.10.10. | 0.0.1 - 1.9.111.10.0 - 1.10.10 | Medium |
CVE-2026-42462 @fedify/fedify is vulnerable to Incorrect Behavior Order: Validate Before Canonicalize in versions 2.2.0 - 2.2.3, 2.1.0 - 2.1.14, 2.0.0 - 2.0.18, 1.10.0 - 1.10.10 and 0.0.0 - 1.9.11. | 0.0.0 - 1.9.111.10.0 - 1.10.102.0.0 - 2.0.18 +2 more | High |
CVE-2026-34148 @fedify/fedify is vulnerable to Uncontrolled Resource Consumption in versions 0.0.0 - 1.9.6, 1.10.0 - 1.10.5, 2.0.0 - 2.0.8 and 2.1.0 - 2.1.0. | 0.0.0 - 1.9.61.10.0 - 1.10.52.0.0 - 2.0.8 +1 more | High |
AIKIDO-2026-10317 Pre-CVE Found by Aikido Intel before public disclosure or CVE publication. @fedify/fedify is vulnerable to Uncontrolled Resource Consumption in versions 0.0.1 - 1.10.3. | 0.0.1 - 1.10.3 | Medium |
CVE-2025-68475 @fedify/fedify is vulnerable to Inefficient Regular Expression Complexity in versions 0.0.0 - 1.6.13, 1.7.0 - 1.7.14, 1.8.0 - 1.8.15 and 1.9.0 - 1.9.2. | 0.0.0 - 1.6.131.7.0 - 1.7.141.8.0 - 1.8.15 +1 more | High |
| Dependency | Last Release | Score |
|---|---|---|
jsonld Version ^9.0.0 | — | — |
es-toolkit Version 1.46.1 | — | — |
json-canon Version ^1.0.1 | — | — |
@fedify/vocab Version 2.3.1 | — | — |
byte-encodings Version ^1.0.11 | — | — |
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant