Security Advisories - pixelfed/pixelfed - Packagist

pixelfed/pixelfed Security Advisories for v0.10.7 (3)

[CRITICAL] Pixelfed doesn't check OAuth Scopes in API routes, giving elevated permissions

PKSA-bgxg-jhn7-yhxd CVE-2024-25108 GHSA-gccq-h3xj-jgvf

Affected version: >=0.10.4,<0.11.11

Reported by:
GitHub
[MEDIUM] Pixelfed may allow unauthorized actor to view private posts

PKSA-1q5n-7dm3-hpym CVE-2023-0914 GHSA-qh6w-pq52-qxxq

Affected version: <=0.11.4

Reported by:
GitHub
[MEDIUM] Pixelfed allows user enumeration via reset password functionality

PKSA-gdgg-v7n6-gzsx CVE-2023-0901 GHSA-vjxx-jgcx-9fq2

Affected version: <=0.11.4

Reported by:
GitHub