@fedify/fedify

An ActivityPub server framework
Licenses: MIT | AGPL-3.0

License

MIT>=0.10.0-dev.220;
>=0.5.0-dev.88 <0.10.0-dev.220;

Direct Vulnerabilities

Known vulnerabilities in the @fedify/fedify package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • H
Incorrect Behavior Order: Validate Before Canonicalize

<1.9.11>=1.10.0 <1.10.10>=2.0.0 <2.0.18>=2.1.0 <2.1.14>=2.2.0 <2.2.3
  • H
Allocation of Resources Without Limits or Throttling

<1.9.6>=1.10.0 <1.10.5>=2.0.0 <2.0.8>=2.1.0 <2.1.1
  • H
Regular Expression Denial of Service (ReDoS)

<1.6.13>=1.7.0 <1.7.14>=1.8.0-dev.909 <1.8.15>=1.9.0 <1.9.2
  • H
Improper Authentication

<1.3.20>=1.4.0-dev.585 <1.4.13>=1.5.0-dev.636 <1.5.5>=1.6.0-dev.754 <1.6.8>=1.7.0-pr.251.885 <1.7.9>=1.8.0-dev.909 <1.8.5
  • M
Infinite loop

<1.0.14>=1.1.0 <1.1.11>=1.2.0 <1.2.11>=1.3.0 <1.3.4
  • M
Server-Side Request Forgery (SSRF)

<0.9.2>=0.10.0 <0.10.1>=0.11.0 <0.11.1

Package versions

1373 VERSIONS IN TOTAL See all versions
versionpublisheddirect vulnerabilities
2.4.0-pr.934.4011 Jul, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
2.4.0-dev.163411 Jul, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
2.4.0-dev.16189 Jul, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
2.4.0-dev.15998 Jul, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
2.4.0-dev.15837 Jul, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
2.4.0-dev.15817 Jul, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
2.4.0-dev.15797 Jul, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
2.4.0-dev.15777 Jul, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
2.4.0-dev.15757 Jul, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
2.4.0-dev.15737 Jul, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L