CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Fedify: >> Fedify >> 0.15.9 Security Vulnerabilities

CVE-2025-68475

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Fedify's document loader. The HTML parsing regex at packages/fedify/src/runtime/docloader.ts:259 contains nested quantifiers that cause catastrophic backtracking when processing maliciously crafted HTML responses. This issue has been patched in versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2.

CVSS Score

7.5

EPSS Score

0.002

Published

2025-12-22

Page 1

Vulnerabilities

Vulnerable Software

Fedify: >> Fedify >> 0.15.9 Security Vulnerabilities

Products

Pricing

Contact Us