pkg:Packagist/pixelfed/pixelfed

4 total CVEsCRITICAL1MEDIUM3

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.9CVE-2024-25108Pixelfed doesn't check OAuth Scopes in API routes, giving elevated permissions
    >= 0.10.4, < 0.11.11
  • MEDIUM5.3CVE-2023-0914Pixelfed may allow unauthorized actor to view private posts
    from 0, <= 0.11.4
  • MEDIUM5.3CVE-2023-0901Pixelfed allows user enumeration via reset password functionality
    from 0, <= 0.11.4
  • MEDIUM4.3CVE-2025-30741Pixelfed may allow unauthorized actor to view private posts and private users
    from 0, < 0.12.5