pixelfed/pixelfed Security Advisories for v0.11.10 (2)
- [MEDIUM] Pixelfed may allow unauthorized actor to view private posts and private users
  PKSA-brgp-r3z9-1w4p CVE-2025-30741 GHSA-7287-grhx-542x
  Affected version: <0.12.5
  Reported by: GitHub
- [CRITICAL] Pixelfed doesn't check OAuth Scopes in API routes, giving elevated permissions
  PKSA-bgxg-jhn7-yhxd CVE-2024-25108 GHSA-gccq-h3xj-jgvf
  Affected version: >=0.10.4,<0.11.11
  Reported by: GitHub